kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Merge pull request #40112 from eliotsykes/patch-1

Browse source 
Resurrect doc explaining Basic Auth behavior [skip ci]
This commit is contained in:
Vipul A M 2020-08-30 03:16:59 +05:30 committed by GitHub
commit 320f93c4d1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
actionpack/lib/action_controller/metal/http_authentication.rb
View file

@ -76,6 +76,8 @@ module ActionController
def http_basic_authenticate_or_request_with(name:, password:, realm: nil, message: nil)
authenticate_or_request_with_http_basic(realm, message) do |given_name, given_password|
# This comparison uses & so that it doesn't short circuit and
# uses `secure_compare` so that length information isn't leaked.
ActiveSupport::SecurityUtils.secure_compare(given_name, name) &
ActiveSupport::SecurityUtils.secure_compare(given_password, password)
end