Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Applying decompression by default when content-encoding header is set
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Jeffrey Walton via curl-users <curl-users_at_cool.haxx.se>
Date: Fri, 18 Jun 2021 06:54:42 -0400
On Thu, Jun 17, 2021 at 4:20 PM Marcus Hoffmann via curl-users
<curl-users_at_cool.haxx.se> wrote:
>
> today I interacted with an API that applied gzip encoding by default to
> responses, which after reading
> https://datatracker.ietf.org/doc/html/rfc7231#section-5.3.4 I think is
> valid behaviour.
It is also risky behavior when using HTTPS. CRIME, BEAST and friends.
You may want to disable compression on the connection if you are
handling sensitive data.
Jeff
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2021-06-18
Date: Fri, 18 Jun 2021 06:54:42 -0400
On Thu, Jun 17, 2021 at 4:20 PM Marcus Hoffmann via curl-users
<curl-users_at_cool.haxx.se> wrote:
>
> today I interacted with an API that applied gzip encoding by default to
> responses, which after reading
> https://datatracker.ietf.org/doc/html/rfc7231#section-5.3.4 I think is
> valid behaviour.
It is also risky behavior when using HTTPS. CRIME, BEAST and friends.
You may want to disable compression on the connection if you are
handling sensitive data.
Jeff
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2021-06-18