Disable gzip compression in Caddyfile
Currently Akkoma doesn't have any proper mitigations against BREACH, which exploits the use of HTTP compression to exfiltrate sensitive data. (see: https://akkoma.dev/AkkomaGang/akkoma/pulls/721#issuecomment-11487) To err on the side of caution, disable gzip compression for now until we can confirm that there's some sort of mitigation in place (whether that would be Heal-The-Breach on the Caddy side or any Akkoma-side mitigations).
This commit is contained in:
Norm
parent
962847fdc3
commit
51f09531c4
1 changed files with 0 additions and 2 deletions
|
|
@ -12,8 +12,6 @@ example.tld {
|
||||||
output file /var/log/caddy/akkoma.log
|
output file /var/log/caddy/akkoma.log
|
||||||
}
|
}
|
||||||
|
|
||||||
encode gzip
|
|
||||||
|
|
||||||
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
|
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
|
||||||
# and `localhost.` resolves to [::0] on some systems: see issue #930
|
# and `localhost.` resolves to [::0] on some systems: see issue #930
|
||||||
reverse_proxy 127.0.0.1:4000
|
reverse_proxy 127.0.0.1:4000
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue