On 01/16/2017 04:42 PM, Jacob Champion wrote:
Current guidance to avoid BREACH is still, AFAIK, to avoid situations where third-party data is being sent in the same response as first-party secrets. I don't think we have a way to know when this is happening
...though if the current response is coming from a static file on disk, that's probably a decent heuristic for the vast majority of users out there...
--Jacob
