curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Applying decompression by default when content-encoding header is set

From: Jeffrey Walton via curl-users <>
Date: Fri, 18 Jun 2021 06:54:42 -0400

On Thu, Jun 17, 2021 at 4:20 PM Marcus Hoffmann via curl-users
<> wrote:
> today I interacted with an API that applied gzip encoding by default to
> responses, which after reading
> I think is
> valid behaviour.

It is also risky behavior when using HTTPS. CRIME, BEAST and friends.

You may want to disable compression on the connection if you are
handling sensitive data.

Received on 2021-06-18