django-compression-middleware

Backport upstream changes from `GzipMiddleware`

Open bartvanandel opened this issue 8 months ago • 2 comments

Rebase middleware on current GzipMiddleware from Django 5.1.

This includes Heal The Breach (HTB), a guard against HTTPS BREACH attacks, and adds support for async responses.

With some minor changes to ensure backward compatibility with older Django versions. The earliest tested versions are Python 3.9 (current oldest non-EOL Python version) and Django 4.0 (which is actually already EOL).

Fixes #18

bartvanandel avatar Mar 03 '25 14:03 bartvanandel
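An added illustration of the Heal The Breach idea mentioned in the description above, not code from this PR or from Django: the gzip header carries a random-length file name, so the compressed size of a response no longer tracks its content byte for byte. The names `htb_compress` and `observed_lengths`, the default of 100 bytes, and the sample body are assumptions made for this sketch.

```python
import gzip
import io
import random
import string


def htb_compress(data, max_random_bytes=100, rng=None):
    """Gzip `data`, padding the gzip header with a random-length file name."""
    # Hypothetical helper for illustration; uses the OS CSPRNG by default.
    rng = rng or random.SystemRandom()
    pad_len = rng.randrange(max_random_bytes) if max_random_bytes else 0
    pad = "".join(rng.choice(string.ascii_lowercase) for _ in range(pad_len))
    buf = io.BytesIO()
    # The file name goes into the optional FNAME header field; decompressors
    # ignore it, so the client sees exactly the same body.
    # mtime=0 keeps the rest of the header constant between calls.
    with gzip.GzipFile(filename=pad, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(data)
    return buf.getvalue()


def observed_lengths(data, samples=200, **kwargs):
    """Distinct compressed sizes seen when the same body is sent repeatedly."""
    return sorted({len(htb_compress(data, **kwargs)) for _ in range(samples)})


if __name__ == "__main__":
    # Constructed sample body, standing in for a page that embeds a secret.
    body = b'<input name="csrf" value="constructed-sample-token">' * 20
    print("padding disabled:", observed_lengths(body, max_random_bytes=0))
    print("padding enabled: ", observed_lengths(body))
```

With padding disabled, every response for the same body has one size; with it enabled, the sizes spread over a range of up to `max_random_bytes`, which obscures the small length differences a compression side channel depends on.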

@friedelwolff Would you have time to take a look?

bartvanandel avatar Apr 04 '25 11:04 bartvanandel

Note: this will break support for ancient Django 3, but that one has been EOL for so long it doesn't even show up on endoflife.data/django by default. Hint: support for 3.2 LTS ended on 01 April 2024.

There's a PR regarding version support (#14) but at the moment this still includes Django 3.2. I'd suggest removing this as a supported version; updating django-compression-middleware won't be the highest priority for users who are still stuck with that version anyway.

bartvanandel avatar Apr 10 '25 12:04 bartvanandel

@friedelwolff Are you still maintaining this package?

bartvanandel avatar Jul 14 '25 18:07 bartvanandel

I'm interested in having the async-compatible and up-to-date version as well. Since it does not look like @friedelwolff is maintaining this anymore, would it be an option to fork it and apply the open PRs to that new version? In the longer term, the project could be transferred to https://jazzband.co/ in order to hopefully make it easier for people to contribute? What do you think @bartvanandel, if you are still interested in contributing?

mhindery avatar Sep 10 '25 06:09 mhindery

Absolutely, be my guest and take advantage of the code I've contributed, it was always intended to be used!

Personally, I'm not using this package at the moment. Lack of maintenance of various packages (and lack of responsiveness after contributing PRs etc) has been one of the reasons for us to move away from Django and Python in general. So, sounds to me like Jazzband could be a good initiative to actually keep things afloat.

bartvanandel avatar Sep 10 '25 07:09 bartvanandel

I have forked the project, and applied your diff to it (together with some other updates like in the other PR to bump some versions of Django and Python). Thanks!

It can be found on https://github.com/mhindery/dj-compression-middleware and is published on PyPI on https://pypi.org/project/dj-compression-middleware/

mhindery avatar Sep 10 '25 17:09 mhindery