On Aug 12, 2013, at 21:32 , offmind wrote: > And what if we are using gzip_static? > As far as I understand, we have to block gzipping page code. But what about > .js .css with no secure content?
Statically gzipped files do not depend on user input so they are not subject to BREACH. -- Igor Sysoev http://nginx.com/services.html _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
