summaryrefslogtreecommitdiffstats
path: root/roles/lists/templates/etc/nginx/snippets/lists.fripost.org.hpkp-hdr.j2
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-05-17 16:21:37 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-05-17 18:30:03 +0200
commite75fdedc7267b4918dbf4ebe10e66f2ac90ab313 (patch)
tree2940169d453844ed688d3e0d47ee9ec49a675908 /roles/lists/templates/etc/nginx/snippets/lists.fripost.org.hpkp-hdr.j2
parenta4e1c724be8729854c38c452a7bc248a3ee16f39 (diff)
Webmail: Compress static resources.
We leave dynamic pages (those passed to PHP-FPM) alone for now: compressing them would make us vulnerable to BREACH attacks. This will be revisited once Roundcube 1.5 is released: 1.5 adds support for the same-site cookie attribute which once set to 'Strict' makes it immune to BREACH attacks: https://github.com/roundcube/roundcubemail/pull/6772 https://www.sjoerdlangkemper.nl/2016/11/07/current-state-of-breach-attack/#same-site-cookies
Diffstat (limited to 'roles/lists/templates/etc/nginx/snippets/lists.fripost.org.hpkp-hdr.j2')
0 files changed, 0 insertions, 0 deletions