It looks as though when gzip is enabled in the configuration options, gzip is enabled blindly for all responses without properly checking the Accept-Encoding
http headers.
Since there are many applications and utilities which do not fully implement the most common compression algorithms, I strongly urge adding in a check that only compresses when the client can accept it. If other compression algorithms are used by this library, I would recommend checking those too. I do not use this library myself, so I do not have first hand experience with what aero supports.
For example, curl
by default doesn't do compression, and will only decompress gzip
content when the compressed
flag is specified (at least on my system.)
$ curl -q -v localhost
* Rebuilt URL to: localhost:80/
* Trying ::1...
* Connected to localhost (::1) port 80 (#0)
> GET / HTTP/1.1
> Host: example.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: must-revalidate
< Content-Encoding: gzip
< Content-Length: 3885
< Content-Type: text/html; charset=utf-8
< Etag: 665b19f6de0a7de
< Referrer-Policy: no-referrer
< X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
< Date: Tue, 30 Jan 2018 13:27:01 GMT
<
�� n����;ے�6��������HQ�Vw[R���Ɠ��I��N*�2�G"� @��ԲJ����_��+I]�v��}�NE������Hϟ�ۏ����OߢRUt1�b����E�y �X��Q���(��l
�E�����3�~�B-9%|>�@�
�F
Wp�� lj.T�r��0u�mH�����$��t��"�TM���S��%��F���;�H���3
�[�Q�V�2��V���_J@�&
�x�/Q�E�g������.
�Y����
<8ZW
[...]
Using the --compressed
curl flag:
[core] [~]# curl -v --compressed localhost
* Rebuilt URL to: localhost:80/
* Trying ::1...
* Connected to localhost (::1) port 80 (#0)
> GET / HTTP/1.1
> Host: example.com
> User-Agent: curl/7.47.0
> Accept: */*
> Accept-Encoding: deflate, gzip
>
< HTTP/1.1 200 OK
< Cache-Control: must-revalidate
< Content-Encoding: gzip
< Content-Length: 3885
< Content-Type: text/html; charset=utf-8
< Etag: 665b19f6de0a7de
< Referrer-Policy: no-referrer
< X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
< Date: Tue, 30 Jan 2018 13:30:51 GMT
<
<!DOCTYPE html><html lang='en'><head><title>
[...]
An example of gunzip
'ing the output, when curl isn't told it should be requesting compression..
[core] [~]# curl -v localhost | gunzip
* Rebuilt URL to: localhost:80/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying ::1...
* Connected to localhost (::1) port 80 (#0)
> GET / HTTP/1.1
> Host: example.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: must-revalidate
< Content-Encoding: gzip
< Content-Length: 3885
< Content-Type: text/html; charset=utf-8
< Etag: 665b19f6de0a7de
< Referrer-Policy: no-referrer
< X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
< Date: Tue, 30 Jan 2018 13:31:57 GMT
<
{ [3885 bytes data]
100 3885 100 3885 0 0 4857k 0 --:--:-- --:--:-- --:--:-- 3793k
* Connection #0 to host localhost left intact
<!DOCTYPE html><html lang='en'><head><title>
[...]
At this time, it's unlikely servers running aero will properly work with legacy/older/more basic clients.