From 51f09531c48427991a0b047498aec8e706797713 Mon Sep 17 00:00:00 2001
From: Norm <normandy@biribiri.dev>
Date: Mon, 17 Jun 2024 23:13:55 -0400
Subject: [PATCH] Disable gzip compression in Caddyfile

Currently Akkoma doesn't have any proper mitigations against BREACH,
which exploits the use of HTTP compression to exfiltrate sensitive data.
(see: https://akkoma.dev/AkkomaGang/akkoma/pulls/721#issuecomment-11487)

To err on the side of caution, disable gzip compression for now until we
can confirm that there's some sort of mitigation in place (whether that
would be Heal-The-Breach on the Caddy side or any Akkoma-side
mitigations).
---
 installation/caddy/Caddyfile | 2 --
 1 file changed, 2 deletions(-)

diff --git a/installation/caddy/Caddyfile b/installation/caddy/Caddyfile
index 6deee74d2..3322acc69 100644
--- a/installation/caddy/Caddyfile
+++ b/installation/caddy/Caddyfile
@@ -12,8 +12,6 @@ example.tld  {
     output file /var/log/caddy/akkoma.log
   }
 
-  encode gzip
-
   # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
   # and `localhost.` resolves to [::0] on some systems: see issue #930
   reverse_proxy 127.0.0.1:4000