diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2020-05-17 16:21:37 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-05-17 18:30:03 +0200 |
commit | e75fdedc7267b4918dbf4ebe10e66f2ac90ab313 (patch) | |
tree | 2940169d453844ed688d3e0d47ee9ec49a675908 /roles/lists/templates/etc/nginx/snippets/lists.fripost.org.hpkp-hdr.j2 | |
parent | a4e1c724be8729854c38c452a7bc248a3ee16f39 (diff) |
Webmail: Compress static resources.
We leave dynamic pages (those passed to PHP-FPM) alone for now:
compressing them would make us vulnerable to BREACH attacks. This will
be revisited once Roundcube 1.5 is released: 1.5 adds support for the
same-site cookie attribute which once set to 'Strict' makes it immune to
BREACH attacks:
https://github.com/roundcube/roundcubemail/pull/6772
https://www.sjoerdlangkemper.nl/2016/11/07/current-state-of-breach-attack/#same-site-cookies
Diffstat (limited to 'roles/lists/templates/etc/nginx/snippets/lists.fripost.org.hpkp-hdr.j2')
0 files changed, 0 insertions, 0 deletions