Should I enable Gzip on Nginx server with SSL for a react app?


When you say

> it is not to safe to use GZip with SSL

I assume that you are talking about the BREACH attack. Well, for a BREACH attack to be successful for the compressed response, two conditions need to be satisfied:

  1. Reflect user-input in HTTP response bodies
  2. Reflect a secret (such as a CSRF token) in HTTP response bodies

When you send compressed JS/CSS files in a response, you usually do not reflect user input in the response. That means calling the JS/CSS file URL will only return that file.

Also, you usually do not return any sensitive data in the response along with compressed JS/CSS files.

So yeah, it is completely safe to use Gzip compression for JS/CSS assets. Static responses are not vulnerable to this attack.
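
Added example, not part of the original answer: an Nginx server block that applies the distinction above by compressing only the static build output and leaving proxied dynamic responses uncompressed. The hostname, certificate paths, document root, `/static/` and `/api/` prefixes and the upstream address are placeholders chosen for illustration.

```nginx
# Added example: all names, paths and addresses below are placeholders.
server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;

    # Output directory of the React production build (assumed layout).
    root /var/www/react-app/build;

    # Default for this server: no compression unless a location opts in.
    gzip off;

    # Static JS/CSS bundles: the body is the file on disk, with no reflected
    # user input and no per-user secret, so neither BREACH condition holds.
    location /static/ {
        gzip on;
        gzip_types text/css application/javascript text/javascript image/svg+xml;
        gzip_min_length 1024;   # skip tiny files where gzip gains nothing
        gzip_vary on;           # emit "Vary: Accept-Encoding" for caches
    }

    # SPA entry point. It inherits "gzip off"; enable gzip here only if
    # index.html is served unmodified (no token or user data injected into it).
    location / {
        try_files $uri /index.html;
    }

    # Dynamic responses may reflect request data next to secrets such as
    # CSRF tokens, which is the combination BREACH depends on.
    location /api/ {
        gzip off;
        # Ask the upstream not to compress either; otherwise Nginx would
        # relay an already-compressed body unchanged.
        proxy_set_header Accept-Encoding "";
        proxy_pass http://127.0.0.1:3000;
    }
}
```

Validate the file with `nginx -t` before reloading, then confirm that a response under `/static/` carries `Content-Encoding: gzip` and one under `/api/` does not.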