Rocket

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README
commit 0666e425fe7e726995dcf5894958a69987e6054e
parent 0a3960b0317b030cf3d3345f2d1abb83c1aebb91
Author: Jeb Rosen <jeb@jebrosen.com>
Date:   Sat,  4 May 2019 08:38:11 -0700

Add a few missing pieces of 'compression' documentation.

Diffstat:

Mcontrib/lib/src/compression/fairing.rs | 9++++++++-


Mcontrib/lib/src/compression/mod.rs | 7+++++++


Msite/guide/5-responses.md | 2++


3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/contrib/lib/src/compression/fairing.rs b/contrib/lib/src/compression/fairing.rs
@@ -39,7 +39,14 @@ impl Default for Context {
 /// - `application/octet-stream`
 ///
 /// The excluded types can be changed changing the `compress.exclude` Rocket
-/// configuration property.
+/// configuration property in Rocket.toml. The default `Content-Type` exclusions
+/// will be ignored if this is set, and must be added back in one by one if
+/// desired.
+///
+/// ```toml
+/// [global.compress]
+/// exclude = ["video/*", "application/x-xz"]
+/// ```
 ///
 /// # Usage
 ///
diff --git a/contrib/lib/src/compression/mod.rs b/contrib/lib/src/compression/mod.rs
@@ -15,6 +15,13 @@
 //! default-features = false
 //! features = ["compression"]
 //! ```
+//!
+//! # Security Implications
+//!
+//! In some cases, HTTP compression on a site served over HTTPS can make a web
+//! application vulnerable to attacks including BREACH. These risks should be
+//! evaluated in the context of your application before enabling compression.
+//!
 #[cfg(feature="brotli_compression")] extern crate brotli;
 #[cfg(feature="gzip_compression")] extern crate flate2;
 
diff --git a/site/guide/5-responses.md b/site/guide/5-responses.md
@@ -241,6 +241,7 @@ library. Among these are:
   * [`Json`] - Automatically serializes values into JSON.
   * [`MsgPack`] - Automatically serializes values into MessagePack.
   * [`Template`] - Renders a dynamic template using handlebars or Tera.
+  * [`Compress`] - Compresses a response at the HTTP layer.
 
 [`status`]: @api/rocket/response/status/
 [`response`]: @api/rocket/response/
@@ -250,6 +251,7 @@ library. Among these are:
 [`Stream`]: @api/rocket/response/struct.Stream.html
 [`Flash`]: @api/rocket/response/struct.Flash.html
 [`MsgPack`]: @api/rocket_contrib/msgpack/struct.MsgPack.html
+[`Compress`]: @api/rocket_contrib/compression/struct.Compress.html
 
 ### Streaming