forked from AkkomaGang/akkoma
Disable gzip compression in Caddyfile
Currently Akkoma doesn't have any proper mitigations against BREACH, which exploits the use of HTTP compression to exfiltrate sensitive data. (see: AkkomaGang/akkoma#721 (comment)) To err on the side of caution, disable gzip compression for now until we can confirm that there's some sort of mitigation in place (whether that would be Heal-The-Breach on the Caddy side or any Akkoma-side mitigations).
This commit is contained in:
parent
962847fdc3
commit
51f09531c4
1 changed files with 0 additions and 2 deletions
|
@ -12,8 +12,6 @@ example.tld {
|
||||||
output file /var/log/caddy/akkoma.log
|
output file /var/log/caddy/akkoma.log
|
||||||
}
|
}
|
||||||
|
|
||||||
encode gzip
|
|
||||||
|
|
||||||
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
|
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
|
||||||
# and `localhost.` resolves to [::0] on some systems: see issue #930
|
# and `localhost.` resolves to [::0] on some systems: see issue #930
|
||||||
reverse_proxy 127.0.0.1:4000
|
reverse_proxy 127.0.0.1:4000
|
||||||
|
|
Loading…
Reference in a new issue