[pve-devel] applied: [PATCH http-server 2/2] Add configurable 'compression'

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Feb 19 17:30:51 CET 2019


On 2/15/19 12:36 PM, Stoiko Ivanov wrote:
> Rationale for disabling compression is the potential for being affected by
> the BREACH (CVE-2013-3587) attack and it's considered good practice for https
> configuration (see e.g. [0]).
> 
> The default remains: to have compression enabled for compressible file-types.
> 
> [0] https://cipherli.st/
> 
> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
>  PVE/APIServer/AnyEvent.pm | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/PVE/APIServer/AnyEvent.pm b/PVE/APIServer/AnyEvent.pm
> index 3892136..277a1ec 100755
> --- a/PVE/APIServer/AnyEvent.pm
> +++ b/PVE/APIServer/AnyEvent.pm
> @@ -184,6 +184,7 @@ sub response {
>      $reqstate->{hdl}->timeout_reset();
>      $reqstate->{hdl}->timeout($self->{timeout});
>  
> +    $nocomp = !$self->{compression};
>      $nocomp = 1 if !$reqstate->{accept_gzip};
>  
>      my $code = $resp->code;
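
Review bot: the added `$nocomp = !$self->{compression};` in response() assigns unconditionally, so whatever value `$nocomp` held before this point is discarded whenever compression is enabled. The line right after it only ever sets the flag (`$nocomp = 1 if ...`), which suggests the variable can already be set on entry. Writing the new line the same way, `$nocomp = 1 if !$self->{compression};`, would keep an earlier request to skip compression intact and still turn compression off when the option is false.
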
> @@ -552,7 +553,7 @@ sub proxy_request {
>  
>  	$headers->{'cookie'} = PVE::APIServer::Formatter::create_auth_cookie($ticket, $self->{cookie_name}) if $ticket;
>  	$headers->{'CSRFPreventionToken'} = $token if $token;
> -	$headers->{'Accept-Encoding'} = 'gzip' if $reqstate->{accept_gzip};
> +	$headers->{'Accept-Encoding'} = 'gzip' if ($reqstate->{accept_gzip} && $self->{compression});
>  
>  	my $content;
>  
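
Review bot: in proxy_request() the new condition on the Accept-Encoding line is wrapped in parentheses, while the two postfix `if` statements directly above it are not; dropping them (`... = 'gzip' if $reqstate->{accept_gzip} && $self->{compression};`) keeps the block consistent. A one-line comment saying the header is withheld so that the proxied response comes back uncompressed would also help, since nothing in this hunk explains why a server-side setting changes an outgoing request header.
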
> @@ -1611,6 +1612,7 @@ sub new {
>      $self->{base_uri} //= "/api2";
>      $self->{dirs} //= {};
>      $self->{title} //= 'API Inspector';
> +    $self->{compression} //= 1;
>  
>      # formatter_config: we pass some configuration values to the Formatter
>      $self->{formatter_config} = {};
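
Review bot: the new 'compression' option in new() gets its default here but is not documented anywhere in the patch, and the diffstat shows no other file touched. A comment next to `$self->{compression} //= 1;` stating that it defaults to enabled, and that a defined false value such as 0 disables gzip for both direct and proxied responses, would make the option discoverable for callers. It is worth spelling out that with `//=` only undef falls back to the default.
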
> 

applied, thanks.


