Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-evaluate GZIP compression (BREACH) #6

Open
mdPlusPlus opened this issue Jan 20, 2019 · 0 comments
Open

Re-evaluate GZIP compression (BREACH) #6

mdPlusPlus opened this issue Jan 20, 2019 · 0 comments

Comments

@mdPlusPlus
Copy link
Owner

Current code:

        gzip on;
        gzip_comp_level 2;
        gzip_disable "msie6";
        gzip_proxied any;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml application/x-font-ttf font/opentype application/vnd.ms-fontobject;
        gzip_vary on;

So far the easiest solution to avoid BREACH attacks seems to be setting gzip off;
Further investigation is needed.
@mdPlusPlus mdPlusPlus changed the title Re-evaluate GZIP compresseion (BREACH) Re-evaluate GZIP compression (BREACH) Feb 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mdPlusPlus