Security Vulnerability with compressed html

Question

Closed this issue 6 years ago · 1 comments

Rafeal said this is the reason Rails doesn't use Rack::Deflate by default: http://breachattack.com/

Answer 1 · 2017-10-16T18:12:30.000Z

Rafeal:
It is only an issue if you have a csrf token in the page, usually all rails pages has