httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Champion <>
Subject Re: FYI brotli
Date Tue, 17 Jan 2017 00:45:22 GMT
On 01/16/2017 04:42 PM, Jacob Champion wrote:
> Current guidance to avoid BREACH is still, AFAIK, to avoid situations
> where third-party data is being sent in the same response as first-party
> secrets. I don't think we have a way to know when this is happening

...though if the current response is coming from a static file on disk, 
that's probably a decent heuristic for the vast majority of users out 


View raw message