Chocobozzz/PeerTube
1
0
Fork 0
mirror of https://github.com/Chocobozzz/PeerTube.git synced 2024-11-10 12:26:35 +03:00
Code Issues Projects Releases Wiki Activity

Only enable gzip for HTML/CSS/JS

Browse Source 
No compression on JSON endpoints, in order to protect
from potential compression+encryption data leak attacks (like BREACH)
This commit is contained in:
Micah Elizabeth Scott 2018-08-23 12:12:08 -07:00 committed by Chocobozzz
parent b9ad995605
commit a18e02f358
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
support/nginx/peertube
View File

@ -37,9 +37,11 @@ server {
# resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
# resolver_timeout 5s;
# Enable compression for JS/CSS/HTML and JSON, for improved client load times
# Enable compression for JS/CSS/HTML bundle, for improved client load times.
# It might be nice to compress JSON, but leaving that out to protect against potential
# compression+encryption information leak attacks like BREACH.
gzip on;
gzip_types text/plain text/css text/html application/javascript application/json;
gzip_types text/css text/html application/javascript;
gzip_vary on;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";