webapp: Use securemem for constant time auth token comparisons.
Debian stable does not have securemem, but neither does it have warp-tls, so just disable use of securemem when not building with https support.
This commit is contained in:
parent
ea0138d8a1
commit
66b8b9c094
9 changed files with 63 additions and 33 deletions
|
@ -22,6 +22,7 @@ import Assistant.DaemonStatus
|
|||
import Assistant.Types.Buddies
|
||||
import Utility.NotificationBroadcaster
|
||||
import Utility.Yesod
|
||||
import Utility.WebApp
|
||||
|
||||
import Data.Text (Text)
|
||||
import qualified Data.Text as T
|
||||
|
@ -64,7 +65,7 @@ notifierUrl route broadcaster = do
|
|||
[ "/"
|
||||
, T.intercalate "/" urlbits
|
||||
, "?auth="
|
||||
, secretToken webapp
|
||||
, fromAuthToken (authToken webapp)
|
||||
]
|
||||
|
||||
getNotifierTransfersR :: Handler RepPlain
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue