[nginx] Do not gzip text/vcard MIME types
Vcards contain sensitive information. It's best to disable gzip
compression for them to prevent successful BREACH attacks.

Ref: http://www.breachattack.com/
(cherry picked from commit 170ab9e)
(cherry picked from commit 2ccc451)
imrejonk authored and drybjed committed Dec 25, 2020
1 parent 522f247 commit 330bf00
Showing 2 changed files with 4 additions and 1 deletion.
4 changes: 4 additions & 0 deletions CHANGELOG.rst
Expand Up @@ -225,6 +225,10 @@ General
- Don't add the "always" ``add_header`` parameter into configuration files for
:command:`nginx` < 1.7.5.

- Disabled gzip compression of text/vcard MIME types. Vcards contain, by nature,
sensitive information and should not be gzipped to prevent successful BREACH
attacks.

:ref:`debops.nullmailer` role
'''''''''''''''''''''''''''''

1 change: 0 additions & 1 deletion ansible/roles/debops.nginx/defaults/main.yml
Expand Up @@ -306,7 +306,6 @@ nginx_http_options: |
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
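
Review bot: Nothing in the nginx_http_options list records why text/vcard is absent after this removal, so the type is likely to be re-added the next time the list is refreshed from an upstream MIME type list. Add a short comment next to the list saying that text/vcard is excluded on purpose because of BREACH. Note also that the other types visible in this hunk, such as text/plain and text/vnd.rim.location.xloc, stay in the list, so responses of those types that carry sensitive data are not covered by this change; state in the changelog or role documentation that the mitigation applies to vCards only.
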