Disable gzip compression in Caddyfile

Currently Akkoma doesn't have any proper mitigations against BREACH,
which exploits the use of HTTP compression to exfiltrate sensitive data.
(see: AkkomaGang/akkoma#721 (comment))

To err on the side of caution, disable gzip compression for now until we
can confirm that there's some sort of mitigation in place (whether that
would be Heal-The-Breach on the Caddy side or any Akkoma-side
mitigations).
This commit is contained in:
Norm 2024-06-17 23:13:55 -04:00
parent 962847fdc3
commit 51f09531c4

View file

@ -12,8 +12,6 @@ example.tld {
output file /var/log/caddy/akkoma.log output file /var/log/caddy/akkoma.log
} }
encode gzip
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930 # and `localhost.` resolves to [::0] on some systems: see issue #930
reverse_proxy 127.0.0.1:4000 reverse_proxy 127.0.0.1:4000