diff options
| author | Niall Sheridan <nsheridan@gmail.com> | 2016-10-31 16:36:17 +0000 |
|---|---|---|
| committer | Niall Sheridan <nsheridan@gmail.com> | 2016-10-31 16:40:08 +0000 |
| commit | e0a1ccb64a637673195804513902cba6b1d4e97c (patch) | |
| tree | abc1598be28cda231d92cda8fb10b49eeb564c29 /vendor/github.com/gorilla/handlers | |
| parent | 7bad329d417f19ba4aae2b4607281c2bc5df8ad7 (diff) | |
Update dependencies
Diffstat (limited to 'vendor/github.com/gorilla/handlers')
| -rw-r--r-- | vendor/github.com/gorilla/handlers/compress.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/vendor/github.com/gorilla/handlers/compress.go b/vendor/github.com/gorilla/handlers/compress.go index 5e140c5..e8345d7 100644 --- a/vendor/github.com/gorilla/handlers/compress.go +++ b/vendor/github.com/gorilla/handlers/compress.go @@ -56,6 +56,9 @@ func (w *compressResponseWriter) Flush() { // CompressHandler gzip compresses HTTP responses for clients that support it // via the 'Accept-Encoding' header. +// +// Compressing TLS traffic may leak the page contents to an attacker if the +// page contains user input: http://security.stackexchange.com/a/102015/12208 func CompressHandler(h http.Handler) http.Handler { return CompressHandlerLevel(h, gzip.DefaultCompression) } |