From e0a1ccb64a637673195804513902cba6b1d4e97c Mon Sep 17 00:00:00 2001 From: Niall Sheridan Date: Mon, 31 Oct 2016 16:36:17 +0000 Subject: Update dependencies --- vendor/github.com/gorilla/handlers/compress.go | 3 +++ 1 file changed, 3 insertions(+) (limited to 'vendor/github.com/gorilla/handlers') diff --git a/vendor/github.com/gorilla/handlers/compress.go b/vendor/github.com/gorilla/handlers/compress.go index 5e140c5..e8345d7 100644 --- a/vendor/github.com/gorilla/handlers/compress.go +++ b/vendor/github.com/gorilla/handlers/compress.go @@ -56,6 +56,9 @@ func (w *compressResponseWriter) Flush() { // CompressHandler gzip compresses HTTP responses for clients that support it // via the 'Accept-Encoding' header. +// +// Compressing TLS traffic may leak the page contents to an attacker if the +// page contains user input: http://security.stackexchange.com/a/102015/12208 func CompressHandler(h http.Handler) http.Handler { return CompressHandlerLevel(h, gzip.DefaultCompression) } -- cgit v1.2.3