Use constant time equality check for auth token
pethin opened this issue
Replace `===` with `crypto.subtle.timingSafeEqual` in https://github.com/Sh4yy/cloudflare-email/blob/main/src/middlewares/auth.ts#L16 to prevent timing attacks.
Example: https://developers.cloudflare.com/workers/examples/protect-against-timing-attacks/
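A sketch of the comparison this issue asks for, added here as an illustration and not taken from the repository or from any PR on it. The function names (`tokensMatch`, `isAuthorized`, `equalBytes`, `xorCompare`) and the header handling are assumptions; `crypto.subtle.timingSafeEqual` is used when the runtime provides it, with an XOR loop as a fallback elsewhere.

```javascript
// Added example; all function names here are hypothetical.
const encoder = new TextEncoder();

// Fallback for runtimes without crypto.subtle.timingSafeEqual:
// XOR every byte pair and OR the results, so the loop never exits early.
function xorCompare(a, b) {
  let diff = 0;
  for (let i = 0; i < a.length; i++) {
    diff |= a[i] ^ b[i];
  }
  return diff === 0;
}

// Compare two equal-length byte arrays without a data-dependent early exit.
function equalBytes(a, b) {
  const subtle = typeof crypto !== "undefined" ? crypto.subtle : undefined;
  if (subtle && typeof subtle.timingSafeEqual === "function") {
    return subtle.timingSafeEqual(a, b); // Cloudflare Workers extension
  }
  return xorCompare(a, b);
}

function tokensMatch(provided, expected) {
  const a = encoder.encode(provided);
  const b = encoder.encode(expected);
  if (a.byteLength !== b.byteLength) {
    // timingSafeEqual throws on unequal lengths. Compare the input with
    // itself so the work done depends only on the caller's data, then reject.
    equalBytes(a, a);
    return false;
  }
  return equalBytes(a, b);
}

// Hypothetical middleware check: headerValue is the raw Authorization header.
function isAuthorized(headerValue, expectedToken) {
  // Reject missing values, and refuse to authenticate against an unset secret.
  if (typeof headerValue !== "string" || headerValue.length === 0) return false;
  if (typeof expectedToken !== "string" || expectedToken.length === 0) return false;
  return tokensMatch(headerValue, expectedToken);
}
```

The length check still tells a caller whether the lengths differ, but the byte-by-byte position of the first mismatch no longer affects how long the comparison runs.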
Can you create a PR @D3vl0per?
Done #18 @kcoderhtml !
Thanks! Hopefully @Sh4yy can merge both our PRs soon!