How can I set caching only?

Question

How can I set caching only?

tildebox opened this issue 3 years ago · 1 comments

tildebox commented 3 years ago

Description

I refer to "Using WhiteNoise with Django" point "3. Add compression and caching support".

There are two possibilities:

CompressedManifestStaticFilesStorage:
combines automatic compression with the caching behaviour

CompressedStaticFilesStorage:
just compression

According to the Django website, compression is dangerous - excerpt:

GZip middleware
Warning
Security researchers recently revealed that when compression techniques (including GZipMiddleware) are used on a website, the site may become exposed to a number of possible attacks. Before using GZipMiddleware on your site, you should consider very carefully whether you are subject to these attacks. If you’re in any doubt about whether you’re affected, you should avoid using GZipMiddleware.

Source: https://docs.djangoproject.com/en/4.0/ref/middleware/#module-django.middleware.gzip

I would like to use only caching without compression.
How can I do that? Is there a workaround?

Answer 1 · 2022-06-18T15:11:46.000Z

You can use ManifestStaticFilesStorage to get caching without compression.

But you've misunderstood the security threat here: it refers to the possibility of leaking private information from dynamic pages if an attacker can observe the compressed, encrypted traffic. Your static files are neither private nor dynamic, so there's no risk involved in using compression with them.