From 0135904f7d3e1c0e763adaefe267c736616e3d26 Mon Sep 17 00:00:00 2001
From: Christopher Speller
Date: Wed, 16 Nov 2016 19:28:52 -0500
Subject: Upgrading server dependancies (#4566)
---
 vendor/github.com/gorilla/handlers/compress.go | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'vendor/github.com/gorilla/handlers/compress.go')
diff --git a/vendor/github.com/gorilla/handlers/compress.go b/vendor/github.com/gorilla/handlers/compress.go
index 5e140c503..e8345d792 100644
--- a/vendor/github.com/gorilla/handlers/compress.go
+++ b/vendor/github.com/gorilla/handlers/compress.go
@@ -56,6 +56,9 @@ func (w *compressResponseWriter) Flush() {
 
 // CompressHandler gzip compresses HTTP responses for clients that support it
 // via the 'Accept-Encoding' header.
+//
+// Compressing TLS traffic may leak the page contents to an attacker if the
+// page contains user input: http://security.stackexchange.com/a/102015/12208
 func CompressHandler(h http.Handler) http.Handler {
 return CompressHandlerLevel(h, gzip.DefaultCompression)
 }
-- 
cgit v1.2.3-1-g7c22