I'm trying to serve a gzipped version of a text/html page in Django, but Firefox is telling me there's a content encoding error.
NOTES:
Here's my code:
rendered_page = zlib.compress(template.render(context).encode('utf-8'))
response = HttpResponse(rendered_page)
response['Content-Encoding'] = 'gzip'
response['Content-Length'] = len(rendered_page)
return response
Am I missing something here? Is it possible that the content length is wrong? Are there additional headers I'm missing?
Thanks.
You could also simply use Django's GZip Middleware:
Either by enabling the middleware in settings.py by adding:
MIDDLEWARE_CLASSES = (
django.middleware.gzip.GZipMiddleware,
...
)
Or do it before you return a particular response. In your views.py, dec would be the handler for a certain url
from django.middleware.gzip import GZipMiddleware
gzip_middleware = GZipMiddleware()
def dec(request, *args, **kwargs):
response = func(request, *args, **kwargs)
return gzip_middleware.process_response(request, response)
return dec
NOTE: You should be certain you are not subject to side-channel attacks before using GZip middleware.
Warning
Security researchers recently revealed that when compression techniques (including GZipMiddleware) are used on a website, the site may become exposed to a number of possible attacks. Before using GZipMiddleware on your site, you should consider very carefully whether you are subject to these attacks. If you’re in any doubt about whether you’re affected, you should avoid using GZipMiddleware. For more details, see the the BREACH paper (PDF) and breachattack.com.
Also:
Changed in Django 1.10: In older versions, Django’s CSRF protection mechanism was vulnerable to BREACH attacks when compression was used. This is no longer the case, but you should still take care not to compromise your own secrets this way.