Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: use time-constant comparison for CSRF tokens (#9875)
This hardens the framework against a theoretical timing attack based on comparing how quickly a request with an invalid CSRF token is rejected.
- Loading branch information