Hi, Please see underlined info below from http://www.grc.com/sn/sn-371.txt
Thanks. *So that's at the connection level as opposed to what you'd call the "application level." The application level, the server, the browser can say, independent of the connection, I'm able to decompress using Deflate and Gzip, for example. And then the server says, oh, good. We're going to save bandwidth by compressing those things before we send them to you since you've said you know how to decompress them. So that's at the application level, or at the HTTP protocol level. It's also possible to do compression at a lower level, down at the SSL link level, essentially. So only Chrome and Firefox ever did that. They no longer do that as a consequence of what these guys found. Also, SPDY used to do that, and SPDY no longer does that. Basically, compression has been, at this level, was immediately backed off of. Now, it's not news that compression can leak information, that is, sort of generically. It's been well understood for many, many years that compression and privacy were at odds with each other for exactly the reasons I explained last week, which is because the amount of compression you get is a direct function of what you're compressing, if the bad guys have any control over what is being compressed, that allows them to probe for what they don't know, what they don't have control over, which they're trying to determine.* On Tuesday, March 8, 2011 7:58:24 AM UTC-5, kiran wrote: > > > Hi > I have enabled gzip compression on tomcat container level and it is > working fine with Firefox. i have verified through both Firebug and YSlow. > The html which is 2.3 MB got reduced to 456 KB. When i verified the same in > chrome developer tools it is still 2.3 MB. Both the request headers and > response headers say gzip is accepted. > Can you please help me in finding the issue? > > > 1. Request URL: > > > http://localhost:8080/compliancesearch/5755C864DE30FF32B0F12508E959494A.cache.html > 2. Request Method: > GET > 3. Status Code: > 200 OK > 4. Request Headers > 1. Accept: > > > application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 > 2. Accept-Charset: > ISO-8859-1,utf-8;q=0.7,*;q=0.3 > 3. Accept-Encoding: > gzip,deflate,sdch > 4. Accept-Language: > en-US,en;q=0.8 > 5. Connection: > keep-alive > 6. Cookie: > JSESSIONID=B62679F3847B87A37BA6410ECBD5BD07 > 7. Host: > localhost:8080 > 8. Referer: > http://localhost:8080/compliancesearch/ > 9. User-Agent: > Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 > (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13 > 5. Response Headers > 1. Accept-Ranges: > bytes > 2. Content-Encoding: > gzip > 3. Content-Type: > text/html > 4. Date: > Tue, 08 Mar 2011 11:51:19 GMT > 5. ETag: > W/"2792238-1298978332097" > 6. Expires: > Thu, 15 Apr 2012 20:00:00 GMT > 7. Last-Modified: > Tue, 01 Mar 2011 11:18:52 GMT > 8. Server: > Apache-Coyote/1.1 > 9. Transfer-Encoding: > chunked > 10. Vary: > Accept-Encoding > > > > Thanks & Regards, > Kiran Kumar > > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/IRdiJ8fX8wsJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
