From e0a1ccb64a637673195804513902cba6b1d4e97c Mon Sep 17 00:00:00 2001
From: Niall Sheridan <nsheridan@gmail.com>
Date: Mon, 31 Oct 2016 16:36:17 +0000
Subject: Update dependencies

---
 vendor/github.com/gorilla/handlers/compress.go | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'vendor/github.com/gorilla/handlers/compress.go')

diff --git a/vendor/github.com/gorilla/handlers/compress.go b/vendor/github.com/gorilla/handlers/compress.go
index 5e140c5..e8345d7 100644
--- a/vendor/github.com/gorilla/handlers/compress.go
+++ b/vendor/github.com/gorilla/handlers/compress.go
@@ -56,6 +56,9 @@ func (w *compressResponseWriter) Flush() {
 
 // CompressHandler gzip compresses HTTP responses for clients that support it
 // via the 'Accept-Encoding' header.
+//
+// Compressing TLS traffic may leak the page contents to an attacker if the
+// page contains user input: http://security.stackexchange.com/a/102015/12208
 func CompressHandler(h http.Handler) http.Handler {
 	return CompressHandlerLevel(h, gzip.DefaultCompression)
 }
-- 
cgit v1.2.3