diff options
author | Paul Duncan <pabs@pablotron.org> | 2022-01-29 08:53:11 -0500 |
---|---|---|
committer | Paul Duncan <pabs@pablotron.org> | 2022-01-29 08:53:11 -0500 |
commit | ecd771e5ec64fb43f6275c357bcdf4ff91208a06 (patch) | |
tree | ae7d9f0328184da4aba6ab1e4167abd2a58c6b87 | |
parent | 8eba9d38f2432dbfcfa3b0b019bc926a80251c70 (diff) | |
download | pablotron.org-ecd771e5ec64fb43f6275c357bcdf4ff91208a06.tar.bz2 pablotron.org-ecd771e5ec64fb43f6275c357bcdf4ff91208a06.zip |
posts/media-shrinkage: add note about BREACH
-rw-r--r-- | content/posts/2022-01-28-media-shrinkage.md | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/content/posts/2022-01-28-media-shrinkage.md b/content/posts/2022-01-28-media-shrinkage.md index b89f064..dbe87a2 100644 --- a/content/posts/2022-01-28-media-shrinkage.md +++ b/content/posts/2022-01-28-media-shrinkage.md @@ -36,7 +36,13 @@ Recently I made the following site improvements: element wrapped in a [`<figure>`][figure]. 5. Updated bitmap images in recent content to default to [WebP][] with a fallback to [PNG][] ([progressive enhancement][]). -6. Configured [`mod_deflate`][mod_deflate] to compress [SVGs][svg]. +6. Configured [`mod_deflate`][mod_deflate] to compress [SVGs][svg] (see + note about [BREACH][] below). + +**Note:** Using [HTTP compression][] ([`mod_deflate`][mod_deflate], +[`mod_brotli`][mod_brotli], etc) with [dynamic web pages][] can expose +you to a [BREACH][] attack. This site is [statically generated][] (via +[Hugo][]) so [BREACH][] is not an issue. ### Results @@ -55,6 +61,8 @@ in [Chrome][]: `AddOutputFilterByType image/svg+xml` * [Debian][]: Add `image/webp webp` to `/etc/mime.types`. +**Update (2022-01-29):** Added warning about [BREACH][]. + [svg]: https://en.wikipedia.org/wiki/Scalable_Vector_Graphics "Scalable Vector Graphics" [minify]: https://github.com/tdewolff/minify/tree/master/cmd/minify @@ -74,7 +82,7 @@ in [Chrome][]: [figure]: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/figure "figure HTML element" [mod_deflate]: https://httpd.apache.org/docs/current/mod/mod_deflate.html - "Apache DEFLATE output filter." + "Apache DEFLATE compression output filter." [chrome]: https://www.google.com/chrome "Google Chrome web browser." [avif]: https://en.wikipedia.org/wiki/AVIF @@ -85,3 +93,15 @@ in [Chrome][]: "Command-line image conversion tools." [apache]: https://httpd.apache.org/ "Apache web server." +[breach]: https://en.wikipedia.org/wiki/BREACH + "HTTP compression security vulnerability that leaks information over TLS connections." +[http compression]: https://en.wikipedia.org/wiki/HTTP_compression + "HTTP compression" +[statically generated]: https://en.wikipedia.org/wiki/Static_web_page + "Statically generated web page" +[hugo]: https://gohugo.io/ + "Hugo static site generator" +[mod_brotli]: https://httpd.apache.org/docs/trunk/mod/mod_brotli.html + "Apache brotli compression output filter." +[dynamic web pages]: https://en.wikipedia.org/wiki/Dynamic_web_page + "Dynamically generated web page" |