Use secure_compare when checking CSRF token
Since string comparisons may return early we want to use a constant time comparison function to protect the CSRF token against timing attacks. Rack::Utils provides such a function.
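The comparison this commit is about, as an added illustration (not the project's code and not Rack's own implementation): a constant-time compare written in plain Ruby in the spirit of `Rack::Utils.secure_compare`, next to the early-returning `String#==` it replaces, and a session-based CSRF check that uses it. The `session` hash and `:csrf_token` key are assumed names for the example.

```ruby
# Added example, not the project's code. Names (session, :csrf_token) are
# illustrative assumptions.
require 'securerandom'

# Constant-time equality in the style of Rack::Utils.secure_compare (own
# re-implementation, not Rack's code): every byte of both strings is
# visited and the XOR of each pair is OR-ed into an accumulator, so the
# loop never exits early on the first mismatching byte. Only the length
# check returns immediately; the length of the stored token is not secret.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# The comparison the commit replaces: String#== may stop at the first
# differing byte, so its running time can depend on how long a prefix of
# the submitted value matches the secret.
def naive_equal?(a, b)
  a == b
end

# Server-side CSRF check: the token stored in the session is compared
# against the token submitted with the form, in constant time.
def csrf_token_valid?(session, submitted)
  stored = session[:csrf_token]
  return false if stored.nil? || submitted.nil?

  constant_time_equal?(stored, submitted.to_s)
end

# 32 random bytes, hex-encoded (64 characters), as a fresh per-session token.
def generate_csrf_token
  SecureRandom.hex(32)
end

if __FILE__ == $PROGRAM_NAME
  session = { csrf_token: generate_csrf_token }
  puts csrf_token_valid?(session, session[:csrf_token]) # true
  puts csrf_token_valid?(session, 'not-the-token')      # false
end
```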
Showing with 7 additions and 2 deletions.