From e2cca3ba59d92a234395531602d735f576797fb2 Mon Sep 17 00:00:00 2001
From: Calum Mackervoy <c.mackervoy@gmail.com>
Date: Tue, 3 Nov 2020 09:55:32 +0000
Subject: [PATCH] Feature: compressing responses

---
 README.md | 10 ++++++++++
 setup.cfg |  1 +
 2 files changed, 11 insertions(+)

diff --git a/README.md b/README.md
index cf2760d5..74ed897a 100644
--- a/README.md
+++ b/README.md
@@ -166,6 +166,16 @@ To start the server, `cd` to the root of your Django project and run :
 $ python3 manage.py runserver
 ```
 
+## Compression - WARNING!
+
+Security researchers recently revealed that when compression techniques are used on a website, the site may become exposed to a number of possible attacks. Before using compression on your site, you should consider very carefully whether you are subject to these attacks. If you’re in any doubt about whether you’re affected, you should disable this feature in DjangoLDP as described below. For more details, see the the [BREACH paper](http://breachattack.com/resources/BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf) (PDF) and [breachattack.com](http://breachattack.com/).
+
+By default, compression is active on all views, using the Brotli algorithm. Whenever the client sends a request including `br` in the `Accept-Encoding` header, the response will be compressed, and the browser will automatically decode it ([excluding the same exceptions as Django's GZipMiddleware](https://docs.djangoproject.com/en/2.2/ref/middleware/#module-django.middleware.gzip))
+
+#### Disabling Compression
+
+To disable the compression (especially important if you believe your server could be subject to [vulnerabilities](http://breachattack.com/)), simply remove the lines including `'django_brotli.middleware.BrotliMiddleware'` and `'django.middleware.gzip.GZipMiddleware'` in your server's `MIDDLEWARE` settings
+
 ## Using DjangoLDP
 
 ### Models
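Review bot: The new "Compression - WARNING!" section says compression is "active on all views" by default, but this patch only touches README.md and setup.cfg, so nothing visible here actually adds `'django_brotli.middleware.BrotliMiddleware'` or `'django.middleware.gzip.GZipMiddleware'` to `MIDDLEWARE`. Please point the reader at the exact settings file where those entries are defined, since "remove the lines ... in your server's `MIDDLEWARE` settings" only works if the user's own settings contain them. Given that the section itself opens with a BREACH warning, consider making compression opt-in rather than opt-out, so that deployments returning secrets alongside reflected input in response bodies are not exposed without an explicit choice. Smaller points in the same hunk: "see the the" has a doubled word, the last sentences of the second and fourth paragraphs lack a closing full stop, "Disabling Compression" uses `####` directly under a `##` heading, and "recently revealed" will date quickly for a paper that the linked site has hosted for some time.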
diff --git a/setup.cfg b/setup.cfg
index 453495b3..45f79b19 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -18,6 +18,7 @@ install_requires =
     validators~=0.12
     pyld==1.0.5
     django-guardian==2.3.0
+    django-brotli
 
 [options.extras_require]
 dev =
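Review bot: The added `django-brotli` line has no version specifier, while every neighbouring entry in `install_requires` is constrained (`validators~=0.12`, `pyld==1.0.5`, `django-guardian==2.3.0`). An unconstrained requirement means each install resolves to whatever release is newest at that moment, which makes builds non-reproducible and lets an unreviewed upstream release of a middleware that sits in the response path reach production. Pin it to the version this change was tested against, using `==` or `~=` to match the surrounding style.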
-- 
GitLab