mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-03 18:38:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[1.5.x] Fixed #20887 -- Added a warning to GzipMiddleware in light of BREACH.

Browse source 
Thanks EvilDMP for the report and Russell Keith-Magee
for the draft text.

Backport of da843e7dba from master
This commit is contained in:
Tim Graham 2013-09-11 08:17:15 -04:00
parent 2a7d3030f9
commit 169594f5ae
2 changed files with 18 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
docs/topics/cache.txt
View file

@ -1147,7 +1147,10 @@ site's performance:
and ``Last-Modified`` headers.
* :class:`django.middleware.gzip.GZipMiddleware` compresses responses for all
modern browsers, saving bandwidth and transfer time.
modern browsers, saving bandwidth and transfer time. Be warned, however,
that compression techniques like ``GZipMiddleware`` are subject to attacks.
See the warning in :class:`~django.middleware.gzip.GZipMiddleware` for
details.
Order of MIDDLEWARE_CLASSES
===========================