Response Compression middleware

[Yves57]

A first PR proposition about #34

Included:

• GZIP compression.
• Options to set compression level, content minimum size threshold, accepted MIME types, additional compression providers.

Pending:

• Probably optimizations in the temporary MemoryStream management.
• A default accepted MIME types list?
• A default value for MinimumSize option?
• Other compression algorithms?

[dnfclas]

Hi @Yves57, I'm your friendly neighborhood .NET Foundation Pull Request Bot (You can call me DNFBOT). Thanks for your contribution!
You've already signed the contribution license agreement. Thanks!

The agreement was validated by .NET Foundation and real humans are currently evaluating your PR.

TTYL, DNFBOT;

[Tratcher]

Fully buffering all responses is not viable. We'll need to wrap the Response.Body stream and do the compression check on the first write.

[Yves57]

Is there any special test to add, or I can assume that in any cases the MIME type is available when the first byte is written in the body Stream? In understand that the header is written before the body, but I want to be sure that there are not special cases.

[Tratcher]

Headers.Remove...

[troydai]

Please put System.* ahead of other namespaces.

[troydai]

Remove?

[davidfowl]

@Yves57 Can you get some basic performance data when this middleware is active and doing its job and when it's not since it always wraps the stream.

[troydai]

nit: follow form of property can make the code more condense and readable

public string EncodingName { get; } = "gzip";

[blowdart]

I'd like to see a flag, which is set by default, so compression doesn't happen if the request protocol is HTTPS to combat variations on Beast, Crime et al.

[Tratcher]

@DamianEdwards @muratg Are we actually planning to accept/ship this as an official package or should this be moved to contrib?

[blowdart]

If you're shipping it then I definitely want my flag :D

[DamianEdwards]

I'm more than happy to accept this from a function/product point of view (modulo usual API, security, perf, engineering reviews, etc.)

[Yves57]

For the HTTPS flag, is EnableHttps a correct name for you?

[Yves57]

@davidfowl I have used the TestServer to do very basic performance tests:

• Body length: 100 bytes (so compression time itself is very small, but of course there is still the compression initialization time)
• 10000 requests
• Test written in a unit test run in Release

The results on my computer:

• No compression middleware: 965 ms
• Compression active but not used: 1025 ms
• Compression active and used : 1500 ms

I will push the perf test source code in my next PR (I can remove it later if you want).

[Tratcher]

How does it perform with Kestrel?

[Yves57]

@Tratcher @davidfowl

Other test:

• Using "go-wrk" the client side (with 1 or 4 connections during 10 seconds).
• Using the PR sample application, except that the body length is a 100 byte constant string
• first run result ignored (warmup)

On my computer (so all in local) with 1 connection:

• No compression middleware: 379 requests/s
• Compression active but not used: 379 requests/s
• Compression active and used: 353 requests/s

On my computer (so all in local) with 4 connections:

• No compression middleware: 499 requests/s
• Compression active but not used: 498 requests/s
• Compression active and used: 494 requests/s

So the stream wrapper seems to be more or less "free" in term of performance, even if I'm a little bit surprised by the small difference between compression/none with 4 connections.

[RehanSaeed]

I'm going to be building a Request Decompression middleware (I work for a company that sends large JSON logs from Android apps in rural Africa where GPRS internet connectivity is low and compression would make a massive difference). Request Decompression is essentially going to be a mirror image of Response Compression (Decompress, instead of Compress).

Is there any appetite for extending this PR or starting a new PR based on this one?

IMHO, I'm really surprised that Request Decompression is not a thing in .NET or IIS and even more surprised that I've never wondered why it was missing. No easy built in option for HttpClient either.

[RehanSaeed]

MIME Types

The MIME types have no default value, I propose the following list which only includes standard MIME types where possible and no common MIME type synonyms like text/javascript.

var mimeTypes = new string[]
{
    // Plain Text
    "text/html",
    "text/plain",
    "text/css",
    "text/mathml",
    "application/rtf",
    // JSON
    "application/javascript",
    "application/json",
    "application/manifest+json",
    "application/x-web-app-manifest+json",
    "text/cache-manifest",
    // XML
    "application/atom+xml",
    "application/rss+xml",
    "application/xslt+xml",
    "application/xml",
    // Fonts
    "font/opentype",
    "font/otf",
    "font/truetype",
    "application/font-woff",
    "application/vnd.ms-fontobject",
    "application/x-font-ttf",
    // Images
    "image/svg+xml",
    "image/x-icon"
};

You'd probably also want to use the above list for Request Compression, although the option to be different should still be there.

Minimum Size Option

IIS and NGINX provide an options which lets you specify a minimum size before compression is applied. This option should be added to the ResponseCompressionOptions.

NGINX also provides other options which I don't think are as important but should be considered:

1. The HTTP version to enable compression for. NGINX sets the default to 1.1 and not 1.0.
2. An option to use Regex to disable GZIP based on the User-Agent. This is commonly set to "MSIE [1-6]\." which disables GZIP for IE 1 to 6.

[Yves57]

@davidfowl @Tratcher
I just made a memory profiling. Here are the results for 3368 requests.

I think the most important information in that DeflateStream allocates a significant amount of memory (GZipStream is in fact a wrapper around DeflateStream).

• A managed buffer of 8192 bytes that is allocated each time.
• Unmanaged memory buffers are allocated and destroyed each time in ZLib, while a native function deflateReset allows to reset ZLib without destroying buffers.

I think a good optimization would be to add a method GZipStream.Set(Stream newOutput) to reset an existing GZipStream without destroying buffers and assign a new output. With this method, we could have GZipStream instances in a pool, and use them on demand.

[dodyg]

I had to resort using the following MIME type statement instead of just application/json because that's what context.Response.ContentType returns.

app.UseResponseCompression(new string[]{ "application/json; charset=utf-8" });

[Yves57]

@dodyg Are you sure that you have the latest version of the PR? The extension method with only MIME types does not exist anymore. And I just tried your sample without any problem.

[davidfowl]

Middleware shouldn't need to reference Http directly. What are you using from here that isn't in abstractions?

[Yves57]

You're right, "Http.Abstractions" is enough. I fix it.

[dodyg]

@Yves57 ah my fault. It works now.

            var compressionOptions = new ResponseCompressionOptions
            {
                MimeTypes = new string[]{ "application/json" }
            };
            app.UseResponseCompression(compressionOptions);

[andrewlock]

Just for reference, compression via middleware is available currently in WebMarkupMin.AspNetCore1 - I haven't compared the implementations, but there may be something of interest pertinent to this PR?

[Tratcher]

ASPNETCORE_ENVIRONMENT

[Yves57]

I will fix, but just for information "ResponseBufferingSample" has the same error 😄 .

[Tratcher]

Feel free to fix the ResponseBufferingSample too :-)

[Tratcher]

ASPNETCORE_ENVIRONMENT

[Tratcher]

This should be extracted to a generic ShouldCompressResponse callback on Options for more customizable control. Then we'd have an implementation based on mime types.

[Tratcher]

IApplicationBuilder extensions go into the Microsoft.AspNetCore.Builder namespace

[Tratcher]

Sometimes we'll move the Options there too, but we're less consistent about that.

[Tratcher]

@blowdart should this option even be available?

[blowdart]

No it shouldn't. Remove.

[Tratcher]

remove basic

[Tratcher]

Copy from https://github.com/aspnet/BasicMiddleware/blob/dev/src/Microsoft.AspNetCore.HttpOverrides/Properties/AssemblyInfo.cs

[Tratcher]

Use TestServer to arrange this. See https://github.com/aspnet/BasicMiddleware/blob/dev/test/Microsoft.AspNetCore.HttpOverrides.Tests/ForwardedHeadersMiddlewareTest.cs#L22

[Tratcher]

This needs to call OnWrite() if the user is just trying to flush the headers

[Tratcher]

OnWrite();

[Tratcher]

We discussed this offline. It can stay, but will remain off by default. bing, google, msn, and wikipedia all enable this, so we can't outright prohibit it.

[Tratcher]

@RehanSaeed there are a few different issues with request compression. A) There's no opportunity for the client and server to negotiate the compression protocol, the client needs to know in advance what the server supports. B) the server may not need to decompress the body for a given operation. E.g. for your compressed log files, what if the web server only wanted to save them to disk in their compressed format.

Let's not try to put these two behaviors into one middleware. However, there may be some re-usable components between the two.

You can check with @DamianEdwards, but I don't anticipate accepting a contribution for request decompression. https://github.com/aspnet-contrib may be a better place for it.

[Tratcher]

Thanks for the update, it looks pretty good. The options still need some refinements, but I'll merge it and take over from here.

[Tratcher]

Rebased, squashed, and merged.