Should I enable Gzip on Nginx server with SSL for a react app?
When you say
it is not to safe to use GZip with SSL
i assume that you are talking about Breach Attack. Well for breach attack to be successful for the compressed response, two conditions need to be satisfied:
- Reflect user-input in HTTP response bodies
- Reflect a secret (such as a CSRF token) in HTTP response bodies
When you send compressed js/css files in response, you usually do not reflect user-input in the response. That means calling the js/css file url will only return that file.
Also you usually do not return any sensitive data in the response along with compressed js/css files.
So yeah it is completely safe to use Gzip compression for js/css assets. Static responses are not vulnerable to this attack.