author | Micah Elizabeth Scott <micah@misc.name> | 2018-08-23 12:12:08 -0700 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-08-24 09:08:33 +0200 |
commit | a18e02f358581fe86d97a8768064e83eb6488074 (patch) | |
tree | 90345212407bab6192aec1973d98df476f32fd67 | |
parent | b9ad99560546ff019a9a1e44c01a354c6fa291be (diff) | |
Only enable gzip for HTML/CSS/JS
No compression on JSON endpoints, in order to protect
from potential compression+encryption data leak attacks (like BREACH)
-rw-r--r-- | support/nginx/peertube | 6 |
1 files changed, 4 insertions, 2 deletions
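--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -37,9 +37,11 @@ server {
 # resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
 # resolver_timeout 5s;
 
-# Enable compression for JS/CSS/HTML and JSON, for improved client load times
+# Enable compression for JS/CSS/HTML bundle, for improved client load times.
+# It might be nice to compress JSON, but leaving that out to protect against potential
+# compression+encryption information leak attacks like BREACH.
 gzip on;
-gzip_types text/plain text/css text/html application/javascript application/json;
+gzip_types text/css text/html application/javascript;
 gzip_vary on;
 
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";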
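Review bot: Listing `text/html` in the new `gzip_types` line has no effect, because nginx's gzip module always compresses `text/html` responses once `gzip on;` is set, and naming it again typically logs a duplicate MIME type warning at config load. HTML is therefore the one type this directive cannot exclude: if any HTML response served through this server block ever reflects request input next to a secret such as a CSRF token, it stays exposed to the same compression side channel and would need `gzip off;` in its own `location`. I would write the line as `gzip_types text/css application/javascript;` and extend the comment with `# text/html is always compressed by nginx when gzip is on; text/plain is dropped for the same reason as JSON.` — the second half of that comment is an assumption, since the commit message does not explain the `text/plain` removal. The `server` block starts and ends outside this hunk, so any per-location gzip overrides are not visible here.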