Diffstat (limited to 'content')
| -rw-r--r-- | content/posts/2022-01-28-media-shrinkage.md | 24 | 
1 files changed, 22 insertions, 2 deletions
| diff --git a/content/posts/2022-01-28-media-shrinkage.md b/content/posts/2022-01-28-media-shrinkage.md index b89f064..dbe87a2 100644 --- a/content/posts/2022-01-28-media-shrinkage.md +++ b/content/posts/2022-01-28-media-shrinkage.md @@ -36,7 +36,13 @@ Recently I made the following site improvements:     element wrapped in a [`<figure>`][figure].  5. Updated bitmap images in recent content to default to [WebP][] with a     fallback to [PNG][] ([progressive enhancement][]). -6. Configured [`mod_deflate`][mod_deflate] to compress [SVGs][svg]. +6. Configured [`mod_deflate`][mod_deflate] to compress [SVGs][svg] (see +   note about [BREACH][] below). + +**Note:** Using [HTTP compression][] ([`mod_deflate`][mod_deflate], +[`mod_brotli`][mod_brotli], etc) with [dynamic web pages][] can expose +you to a [BREACH][] attack.  This site is [statically generated][] (via +[Hugo][]) so [BREACH][] is not an issue.  ### Results @@ -55,6 +61,8 @@ in [Chrome][]:    `AddOutputFilterByType image/svg+xml`  * [Debian][]: Add `image/webp webp` to `/etc/mime.types`. +**Update (2022-01-29):** Added warning about [BREACH][]. +  [svg]: https://en.wikipedia.org/wiki/Scalable_Vector_Graphics    "Scalable Vector Graphics"  [minify]: https://github.com/tdewolff/minify/tree/master/cmd/minify @@ -74,7 +82,7 @@ in [Chrome][]:  [figure]: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/figure    "figure HTML element"  [mod_deflate]: https://httpd.apache.org/docs/current/mod/mod_deflate.html -  "Apache DEFLATE output filter." +  "Apache DEFLATE compression output filter."  [chrome]: https://www.google.com/chrome    "Google Chrome web browser."  [avif]: https://en.wikipedia.org/wiki/AVIF 
@@ -85,3 +93,15 @@ in [Chrome][]:    "Command-line image conversion tools."  [apache]: https://httpd.apache.org/    "Apache web server." +[breach]: https://en.wikipedia.org/wiki/BREACH +  "HTTP compression security vulnerability that leaks information over TLS connections." +[http compression]: https://en.wikipedia.org/wiki/HTTP_compression +  "HTTP compression" +[statically generated]: https://en.wikipedia.org/wiki/Static_web_page +  "Statically generated web page" +[hugo]: https://gohugo.io/ +  "Hugo static site generator" +[mod_brotli]: https://httpd.apache.org/docs/trunk/mod/mod_brotli.html +  "Apache brotli compression output filter." +[dynamic web pages]: https://en.wikipedia.org/wiki/Dynamic_web_page +  "Dynamically generated web page" | 
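Review bot: In the first hunk (@@ -36,7 +36,13), the added **Note:** says HTTP compression with dynamic web pages "can expose you to a BREACH attack" but never states the condition that makes a response exploitable: a compressed body that carries a secret alongside attacker-influenced input. Adding that clause would let readers who run dynamic sites judge their own exposure instead of treating all compression as unsafe. It would also help to tie the "not an issue" conclusion to the directive listed in the next hunk's context, `AddOutputFilterByType image/svg+xml`, since that limits the change to a single asset type rather than to page content.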
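Review bot: In the last hunk (@@ -85,3 +93,15), the new `[mod_brotli]` definition points at `docs/trunk` while the existing `[mod_deflate]` definition points at `docs/current`. Trunk documents the development branch, so link `https://httpd.apache.org/docs/current/mod/mod_brotli.html` to match. As a style point, the added link titles are inconsistent about the trailing period ("HTTP compression" and "Hugo static site generator" have none, "Apache brotli compression output filter." has one); pick one form for the whole reference block.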
