[GITEA] Use maintained gziphandler

- https://github.com/NYTimes/gziphandler doesn't seems to be maintained anymore and Forgejo already includes https://github.com/klauspost/compress which provides a maintained and faster gzip handler fork. - Enables Jitter to prevent BREACH attacks, as this *seems* to be possible in the context of Forgejo.
2023-10-01 00:09:25 +02:00 · 2023-10-01 00:09:25 +02:00 · cc2847241d
commit cc2847241d
parent 92ae4a735c
6 changed files with 23 additions and 21 deletions
--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -48,17 +48,12 @@ import (
 	_ "code.gitea.io/gitea/modules/session" // to registers all internal adapters

 	"gitea.com/go-chi/captcha"
-	"github.com/NYTimes/gziphandler"
 	chi_middleware "github.com/go-chi/chi/v5/middleware"
 	"github.com/go-chi/cors"
+	"github.com/klauspost/compress/gzhttp"
 	"github.com/prometheus/client_golang/prometheus"
 )

-const (
-	// GzipMinSize represents min size to compress for the body size of response
-	GzipMinSize = 1400
-)
-
 // CorsHandler return a http handler who set CORS options if enabled by config
 func CorsHandler() func(next http.Handler) http.Handler {
 	if setting.CORSConfig.Enabled {
@ -229,11 +224,11 @@ func Routes() *web.Route {
 	var mid []any

 	if setting.EnableGzip {
-		h, err := gziphandler.GzipHandlerWithOpts(gziphandler.MinSize(GzipMinSize))
+		wrapper, err := gzhttp.NewWrapper(gzhttp.RandomJitter(32, 0, false))
 		if err != nil {
-			log.Fatal("GzipHandlerWithOpts failed: %v", err)
+			log.Fatal("gzhttp.NewWrapper failed: %v", err)
 		}
-		mid = append(mid, h)
+		mid = append(mid, wrapper)
 	}

 	if setting.Service.EnableCaptcha {