Upgrading server dependancies (#4566)

author: Christopher Speller <crspeller@gmail.com> 2016-11-16 19:28:52 -0500
committer: GitHub <noreply@github.com> 2016-11-16 19:28:52 -0500
commit: 0135904f7d3e1c0e763adaefe267c736616e3d26 (patch)
tree: c27be7588f98eaea62e0bd0c0087f2b348da9738 /vendor/github.com/gorilla/handlers/compress.go
parent: 0b296dd8c2aefefe89787be5cc627d44cf431150 (diff)
download: chat-0135904f7d3e1c0e763adaefe267c736616e3d26.tar.gz
chat-0135904f7d3e1c0e763adaefe267c736616e3d26.tar.bz2
chat-0135904f7d3e1c0e763adaefe267c736616e3d26.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/vendor/github.com/gorilla/handlers/compress.go b/vendor/github.com/gorilla/handlers/compress.go
index 5e140c503..e8345d792 100644
--- a/vendor/github.com/gorilla/handlers/compress.go
+++ b/vendor/github.com/gorilla/handlers/compress.go
@@ -56,6 +56,9 @@ func (w *compressResponseWriter) Flush() {
 
 // CompressHandler gzip compresses HTTP responses for clients that support it
 // via the 'Accept-Encoding' header.
+//
+// Compressing TLS traffic may leak the page contents to an attacker if the
+// page contains user input: http://security.stackexchange.com/a/102015/12208
 func CompressHandler(h http.Handler) http.Handler {
 	return CompressHandlerLevel(h, gzip.DefaultCompression)
 }
author	Christopher Speller <crspeller@gmail.com>	2016-11-16 19:28:52 -0500
committer	GitHub <noreply@github.com>	2016-11-16 19:28:52 -0500
commit	0135904f7d3e1c0e763adaefe267c736616e3d26 (patch)
tree	c27be7588f98eaea62e0bd0c0087f2b348da9738 /vendor/github.com/gorilla/handlers/compress.go
parent	0b296dd8c2aefefe89787be5cc627d44cf431150 (diff)
download	chat-0135904f7d3e1c0e763adaefe267c736616e3d26.tar.gz chat-0135904f7d3e1c0e763adaefe267c736616e3d26.tar.bz2 chat-0135904f7d3e1c0e763adaefe267c736616e3d26.zip