From 563fec734912d81cd7caea6fa8ec2b397fb72a9b Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 3 Apr 2014 13:03:16 +0300
Subject: [PATCH] Disable compression to prevent BREACH attack

---
 lib/support/nginx/gitlab | 3 +++
 1 file changed, 3 insertions(+), 0 deletions(-)

diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab
index 5bff362..6b31dbd 100644
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
@@ -42,6 +42,9 @@ server {
   # if a file, which is not found in the root folder is requested,
   # then the proxy pass the request to the upsteam (gitlab unicorn)
   location @gitlab {
+    # We need this to prevent BREACH attack
+    gzip off;
+
     proxy_read_timeout 300; # Some requests take more than 30 seconds.
     proxy_connect_timeout 300; # Some requests take more than 30 seconds.
     proxy_redirect     off;
--
libgit2 0.21.2