I have a React app with a pretty large build size; it is deployed on an Nginx server with SSL. I learned a bit about GZip and how it can improve the site's performance. But I also came to know that it is not too safe to use GZip with SSL. GZip is enabled for HTML files by default in Nginx. Should I enable it for other files like JavaScript and CSS as well to improve performance?
You can configure Nginx to use gzip to compress the files it serves on the fly. Those files are then decompressed by the browsers that support it upon retrieval with no loss whatsoever, but with the benefit of a smaller amount of data to transfer between the web server and browser.
NGINX is a powerful tool we can use with React to leverage its awesomeness. Our target server can be any Ubuntu server instance, like an EC2 instance in AWS or a Droplet in DigitalOcean, or even your local machine. There are tons of tutorials on setting up your server in AWS or DigitalOcean.
Compress-create-react-app performs gzip and brotli compression for HTML, CSS and JS files.
GZIP compression allows the NGINX server to compress data before sending it to the client browser. This reduces data bandwidth, improves website speed and saves server costs.
When you say "it is not too safe to use GZip with SSL", I assume that you are talking about the BREACH attack. Well, for the BREACH attack to be successful for the compressed response, two conditions need to be satisfied:
When you send compressed JS/CSS files in response, you usually do not reflect user input in the response. That means calling the JS/CSS file URL will only return that file.
Also, you usually do not return any sensitive data in the response along with compressed JS/CSS files.
So yeah, it is completely safe to use Gzip compression for JS/CSS assets. Static responses are not vulnerable to this attack.
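One way to apply the answer above in an Nginx server block, added here as an example and not taken from the original answer: gzip is turned on only for the static bundle path and kept off for responses that may carry per-user data. The host name, certificate paths, build directory, `/static/` layout and the `/api/` backend are assumptions.

```nginx
# Added example. Host name, file paths and the /api/ backend are assumptions.
server {
    listen 443 ssl;
    server_name example.com;                          # placeholder host
    ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder path

    root /var/www/app/build;                          # assumed React build output

    # Off at server level, so compression is an explicit per-location choice.
    gzip off;

    # Static JS/CSS bundles: identical bytes for every visitor, no reflected
    # input and no secrets in the body, so compressed length reveals nothing.
    location /static/ {
        gzip on;
        # text/html is always compressed when gzip is on and cannot be
        # excluded through gzip_types; only the extra types are listed here.
        gzip_types text/css application/javascript application/json image/svg+xml;
        gzip_min_length 1024;   # skip tiny files where gzip gains little
        gzip_comp_level 5;
        gzip_vary on;           # emit "Vary: Accept-Encoding" for caches
    }

    # Single-page-app shell served from disk.
    location / {
        try_files $uri /index.html;
    }

    # Dynamic responses that may reflect request input next to tokens or
    # other per-user data: left uncompressed.
    location /api/ {
        gzip off;
        proxy_pass http://127.0.0.1:3000;             # assumed backend
    }
}
```

Check the result with `nginx -t` before reloading, and confirm with the browser's network panel that only the `/static/` responses carry `Content-Encoding: gzip`.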