diff options
author | Christopher Speller <crspeller@gmail.com> | 2016-11-16 19:28:52 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-16 19:28:52 -0500 |
commit | 0135904f7d3e1c0e763adaefe267c736616e3d26 (patch) | |
tree | c27be7588f98eaea62e0bd0c0087f2b348da9738 /vendor/github.com/gorilla/handlers/compress.go | |
parent | 0b296dd8c2aefefe89787be5cc627d44cf431150 (diff) | |
download | chat-0135904f7d3e1c0e763adaefe267c736616e3d26.tar.gz chat-0135904f7d3e1c0e763adaefe267c736616e3d26.tar.bz2 chat-0135904f7d3e1c0e763adaefe267c736616e3d26.zip |
Upgrading server dependancies (#4566)
Diffstat (limited to 'vendor/github.com/gorilla/handlers/compress.go')
-rw-r--r-- | vendor/github.com/gorilla/handlers/compress.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/vendor/github.com/gorilla/handlers/compress.go b/vendor/github.com/gorilla/handlers/compress.go index 5e140c503..e8345d792 100644 --- a/vendor/github.com/gorilla/handlers/compress.go +++ b/vendor/github.com/gorilla/handlers/compress.go @@ -56,6 +56,9 @@ func (w *compressResponseWriter) Flush() { // CompressHandler gzip compresses HTTP responses for clients that support it // via the 'Accept-Encoding' header. +// +// Compressing TLS traffic may leak the page contents to an attacker if the +// page contains user input: http://security.stackexchange.com/a/102015/12208 func CompressHandler(h http.Handler) http.Handler { return CompressHandlerLevel(h, gzip.DefaultCompression) } |