From a8f88e7232ca39005e9d78e45481ee8bb1e6e771 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Wed, 13 Mar 2019 19:11:49 +0100
Subject: [PATCH] [yolo] gzip off in global.conf breaks everything because conflict with gzip on; in nginx.conf ... Moving it to server blocs
---
 data/templates/nginx/plain/global.conf | 1 -
 data/templates/nginx/plain/yunohost_admin.conf | 4 ++++
 data/templates/nginx/server.tpl.conf | 4 ++++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/data/templates/nginx/plain/global.conf b/data/templates/nginx/plain/global.conf
index 07f7c49ea..b3a5f356a 100644
--- a/data/templates/nginx/plain/global.conf
+++ b/data/templates/nginx/plain/global.conf
@@ -1,2 +1 @@
 server_tokens off;
-gzip off;
diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf
index 2493e4033..ff61b8638 100644
--- a/data/templates/nginx/plain/yunohost_admin.conf
+++ b/data/templates/nginx/plain/yunohost_admin.conf
@@ -51,6 +51,10 @@ server {
 more_set_headers "X-Permitted-Cross-Domain-Policies : none";
 more_set_headers "X-Frame-Options : SAMEORIGIN";
+ # Disable gzip to protect against BREACH
+ # Read https://trac.nginx.org/nginx/ticket/1720 (text/html cannot be disabled!)
+ gzip off;
+
 location / {
 return 302 https://$http_host/yunohost/admin;
 }
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index 43d38ca98..d8793ef05 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -71,6 +71,10 @@ server {
 resolver_timeout 5s;
 {% endif %}
+ # Disable gzip to protect against BREACH
+ # Read https://trac.nginx.org/nginx/ticket/1720 (text/html cannot be disabled!)
+ gzip off;
+
 access_by_lua_file /usr/share/ssowat/access.lua;
 include /etc/nginx/conf.d/{{ domain }}.d/*.conf;
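Review bot: The two added comment lines in the `yunohost_admin.conf` hunk say what is disabled but not why the directive has to sit inside the `server` block, so a later cleanup could move it back to `global.conf` and bring back the conflict with the http-level `gzip on;` named in the commit message. I would add `# Keep at server level: nginx.conf sets "gzip on;" at http level and a second http-level gzip directive conflicts with it` above `gzip off;`. The parenthetical is also easier to read as `# gzip_types always includes text/html, so compression has to be switched off entirely`. The same wording applies to the identical hunk in `server.tpl.conf`. The `server` block starts and ends outside the hunk.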
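Review bot: In the `server.tpl.conf` hunk, `gzip off;` at server level is only an inherited default, and the `include /etc/nginx/conf.d/{{ domain }}.d/*.conf;` line at the end of the hunk pulls in per-app snippets that can set `gzip on;` again in their own `location` blocks. Those snippets are not visible here, so whether any of them does is unverified, but the BREACH protection holds only as long as none re-enables it. It also does not cover bodies a proxied backend has already compressed; for such apps `proxy_set_header Accept-Encoding "";` in the app's `location` is likely needed as well. I would record this next to the directive, e.g. `# Included app snippets must not turn gzip back on; proxied apps should also clear Accept-Encoding`. The `server` block starts and ends outside the hunk.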