Skip to content

Backport upstream changes from GzipMiddleware #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Backport upstream changes from GzipMiddleware #17

wants to merge 1 commit into from

Conversation

@bartvanandel
Copy link

@bartvanandel bartvanandel commented Mar 3, 2025
edited
Loading

Rebase middleware on current GzipMiddleware from Django 5.1.

This includes Heal The Breach (HTB), a guard against HTTPS BREACH attacks, and adds support for async responses.

With some minor changes to ensure backward compatibility with older Django versions. The earliest tested versions are Python 3.9 (current oldest non-EOL Python version) and Django 4.0 (which is actually already EOL).

Fixes #18
@bartvanandel bartvanandel changed the title Support async response Backport upstream changes from GzipMiddleware Mar 3, 2025
@bartvanandel bartvanandel mentioned this pull request Mar 6, 2025
Open
@bartvanandel
Copy link
Author

bartvanandel commented Apr 4, 2025

@friedelwolff Would you have time to take a look?
@bartvanandel
feat: support async response
08696bd 
- Re-align CompressionMiddleware code with GzipMiddleware from Django 5.1. This adds support for async responses, and implements Heal The Breach (HTB), a guard against HTTPS BREACH attack - Apply some checks to ensure backward compatibility with older Django versions
@bartvanandel
Copy link
Author

bartvanandel commented Apr 10, 2025

Note: this will break support for ancient Django 3, but that one has been EOL for so long it doesn't even show up on endoflife.data/django by default. Hint: support for 3.2 LTS ended on 01 April 2024.

There's a PR regarding version support (#14) but at the moment this still includes Django 3.2. I'd suggest removing this as a supported version, updating django-compression-middleware won't be the highest priority for users who are still stuck with that version anyway.
@bartvanandel
Copy link
Author

bartvanandel commented Jul 14, 2025

@friedelwolff Are you still maintaining this package?
@mhindery
Copy link

mhindery commented Sep 10, 2025
edited
Loading

I'm interested in having the async-compatible and up-to-date version as well. Since it does not look like @friedelwolff is maintaining this anymore, would it be an option to fork it and apply the open PR's to that new version? In the longer term, the project could be transfered to https://jazzband.co/ in order to hopefully make it easier for people to contribute? What do you think @bartvanandel , if you are still interested in contributing?
@bartvanandel
Copy link
Author

bartvanandel commented Sep 10, 2025

Absolutely, be my guest and take advantage of the code I've contributed, it was always intended to be used!

Personally, I'm not using this package at the moment. Lack of maintenance of various packages (and lack of responsiveness after contributing PRs etc) has been one of the reasons for us to move away from Django and Python in general. So, sounds to me like Jazzband could be a good initiative to actually keep things afloat.
This was referenced Sep 10, 2025
Closed
Merged
@mhindery
Copy link

mhindery commented Sep 10, 2025

I have forked the project, and applied your diff to it (together with some other updates like in the other PR to bump some versions of Django and Python). Thanks!

It can be found on https://github.com/mhindery/dj-compression-middleware and is published on Pypi on https://pypi.org/project/dj-compression-middleware/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants

@bartvanandel @mhindery