How can I activate json compression for litespeed web server? - compression

I'm using lottiefiles and want to activate json compression to improve my gtmetrix score... How can I activate that with litespeed web server?
Thank you in advance!

I got this answer from Lucas Rolff at wpcache slack channel:
LiteSpeed does not automatically compress json, neither as gzip nor brotli; the default compressed types are:
text/*, application/x-javascript, application/xml, application/javascript, image/svg+xml, application/rss+xml
This can be modified in the LiteSpeed WebAdmin console under Configuration -> Server -> Tuning, if you want to include json (MIME type being application/json), or use the AddOutputFilterByType as in the link above in your htaccess file.
I added application/json in my LiteSpeed WebAdmin console and it is working perfectly!

We have updated the default compressible type, MIME type application/json is in the default list now for new installation.

Related

AWS Web Servers some PDF Files don't display on the webpage, instead they automatically download

Good day,
I'm currently trying to display PDF files in an iFrame but for some reason, they just auto-download whenever I visit the links.
Here's a file which auto-downloads:
Here's a file which displays as normal:
The difference between your 2 files is the Content-Type:
The first has Content-Type: application/octet-stream
The second has Content-Type: application/pdf
application/octet-stream is considered an unknown binary file and browsers download it directly (https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types#applicationoctet-stream).
You can fix it by going to the S3 console and changing the first file Content-Type metadata to application/pdf.
More information on editing metadata: https://docs.aws.amazon.com/AmazonS3/latest/userguide/add-object-metadata.html

Cross-Origin Read Blocking (CORB) issue when making img request

I am currently trying to implement this solution here. The solution seems pretty simple and possible since I am the owner of both of the hosts. On mysite1.com I have added the following img tag.
<img src="//mysite1.com.com/cookie_set/" style="display:none;">
On my site2.com (django), I have a view like so:
from django.http import HttpResponse

def cookie_set(request):
    # Empty body; HttpResponse defaults to Content-Type text/html
    response = HttpResponse()
    response.set_cookie('my_cookie', value='awesome')
    return response
When I release this code live, I get the following error:
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.mysite2.com/cookie_set/ with MIME type text/html. See https://www.chromestatus.com/feature/121212121221 for more details.
I thought that maybe if I just added "Access-Control-Allow-Origin" in my view this might fix things, but according to the docs here: https://www.chromium.org/Home/chromium-security/corb-for-developers, there's one more consideration:
For example, it will block a cross-origin text/html response requested from a <script> or <img> tag, replacing it with an empty response instead.
Are my assumptions correct? After adding the correct headers should I just change the content-type to something other than text/html?
Ultimately, my final goal is I would like to set a cookie for a different domain that I have control of (ideally without a redirect).
Best solution: use a different tag for this. (i.e. iframe).
The point behind CORB is to prevent certain tags from being used for XSSI data injection. So img tag requests should not return text/html, application/json, or xml content types.
So unless the call to img tag really is for capturing the request itself (for referrer tracking, for example), then you get much more versatility by executing in an iframe anyway (like for SSO-redirection workflows).
See also: Setting third party cookie by using 1x1 <img> tag - Javascript doesn't drop cookie
I fixed this for image files by updating the Content-Type metadata under Properties in S3 - image/jpeg for JPEG files and image/png for PNG files.
My application uploads image files via multer-s3 and it seems it applies Content-Type: 'application/x-www-form-urlencoded'. It has a contentType option with content-type auto-detect feature - this should prevent improper headers and fix the CORB issue.
It seems the latest Chrome 76 version update includes listening to remote file URL headers, specifically Content-Type. CORB was not an issue for other browsers such as Firefox, Safari, and in-app browsers e.g. Instagram.
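A simplified model of the rule these answers describe, as an added example that is not part of the original posts: it reports whether a response to a cross-origin `<img>` request carries a Content-Type that CORB treats as protected (HTML, JSON, XML). The function names are hypothetical, and the body sniffing Chrome also performs is not modelled.

```python
# Added example: simplified model of CORB's Content-Type check for <img> requests.
# Chrome's real implementation also sniffs the body; that is not modelled here.

PROTECTED = {"text/html", "text/xml", "application/xml",
             "application/json", "text/json"}

def media_type(content_type):
    """Lowercase type/subtype with parameters such as charset removed."""
    return content_type.split(";", 1)[0].strip().lower()

def corb_protected(content_type):
    """True if the type is HTML, JSON or XML, the types CORB protects."""
    mt = media_type(content_type)
    if mt == "image/svg+xml":      # SVG is XML-based but is a legitimate image
        return False
    return mt in PROTECTED or mt.endswith(("+json", "+xml"))

def check_img_response(content_type):
    """Verdict for a cross-origin <img> request under this model."""
    if corb_protected(content_type):
        return "blocked"           # body replaced with an empty response
    if media_type(content_type).startswith("image/"):
        return "ok"
    return "not-an-image"          # not CORB-protected by type, but wrong for <img>

# Samples: the Django view's default type as posted, plus two constructed cases.
SAMPLES = {
    "https://www.mysite2.com/cookie_set/ (as posted)": "text/html; charset=utf-8",
    "JSON endpoint (constructed)": "application/json",
    "1x1 pixel (constructed)": "image/gif",
}

if __name__ == "__main__":
    for label, ctype in SAMPLES.items():
        print(f"{check_img_response(ctype):13} {label}: {ctype}")
```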

How to Allow a Site Hosted with Amazon to Be Embedded in an iFrame?

I am fairly inexperienced with AWS so this may be an issue of understanding site structure or intricacies between web hosts.
I used to have a site hosted with HostMonster and was able to allow the site to be referenced from an iFrame on another domain. This was achieved by adding the ALLOW-FROM option to the x-frame-options.
The site was recently moved to AWS. It is using S3, EC2, with Elastic Beanstalk. Now when I try to embed the site I get this error:
Refused to display 'http://example.com' in a frame because it set
'X-Frame-Options' to 'SAMEORIGIN'.
Seems obvious that I have to set this option but I am not clear on how to do so.
I found this forum asking for support for X-Frame-Options. A response from AWS support confirms that S3 does not currently support X-Frame-Options.
Does this mean I am out of luck or am I just barking up the wrong tree?
I've also looked into the aws CORS header setting docs and tried allowing the origin I am embedding from and even tried allowing from * to test.
Additionally, I found this GitHub for making S3 files public. I implemented the policy and configuration they have set there but still get the same error.
If it seems like I've left out anything important please ask me about it. Like I said I'm very new to web development and am still figuring things out.
Edit:
As was pointed out it is interesting that a header with X-Frame-Options is being returned at all. Here is the full response I get when I load the page directly.
Connection:keep-alive
Content-Type:text/html; charset=utf-8
Date:Sun, 19 Jun 2016 00:31:37 GMT
Server:Apache/2.4.16 (Amazon) OpenSSL/1.0.1k-fips mod_wsgi/3.5 Python/2.7.10
transfer-encoding:chunked
X-Frame-Options:SAMEORIGIN
You have to include the enable_mod_deflate.conf file in .ebextensions with the setting "Header always unset X-Frame-Options":
enable_mod_deflate.conf
# mod_deflate configuration
<IfModule mod_deflate.c>
    <IfModule mod_headers.c>
        # Make sure proxies don't deliver the wrong content
        Header always unset X-Frame-Options
    </IfModule>
</IfModule>
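What removing the header does to the response's framing policy, as an added example rather than code from the thread: the hypothetical `framing_policy` helper reads `X-Frame-Options` and the CSP `frame-ancestors` directive from a set of response headers. The embedding origin `https://partner.example` is a constructed placeholder.

```python
# Added example: derive a response's framing policy from its headers.

def frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def framing_policy(headers):
    """Return 'deny', 'same-origin', 'any-origin' or 'allow: <sources>'."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:        # CSP frame-ancestors overrides X-Frame-Options
        if not sources or sources == ["'none'"]:
            return "deny"
        if sources == ["'self'"]:
            return "same-origin"
        return "allow: " + " ".join(sources)
    xfo = h.get("x-frame-options", "").upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # No header, or ALLOW-FROM, which current browsers ignore entirely.
    return "any-origin"

# Response headers as posted in the question.
AS_POSTED = {"Content-Type": "text/html; charset=utf-8",
             "X-Frame-Options": "SAMEORIGIN"}
# After "Header always unset X-Frame-Options".
UNSET = {"Content-Type": "text/html; charset=utf-8"}
# Constructed alternative: allow one embedding origin (placeholder) via CSP.
SCOPED = {"Content-Type": "text/html; charset=utf-8",
          "Content-Security-Policy": "frame-ancestors 'self' https://partner.example"}

if __name__ == "__main__":
    for name, hdrs in (("as posted", AS_POSTED), ("unset", UNSET), ("scoped", SCOPED)):
        print(f"{name:10} -> {framing_policy(hdrs)}")
```

With the header unset and no `frame-ancestors` directive, the result is `any-origin`; the scoped variant keeps the page embeddable from the one origin that needs it.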

Why django staticfiles serving svg as application/octet-stream instead of image/svg+xml

I used wagtail-generator with Yeoman to generate a wagtail django project and svg files served by django with django.contrib.staticfiles output application/octet-stream mimetype instead of image/svg+xml mimetype which breaks picture rendering.
I tried this solution without success but I'm sure that using something like nginx to serve static files would fix this (did not try yet).
Based on this answer to another of my questions, I can copy wagtail's template in my templates so I can change the admin logo, but it doesn't fix the svg problem ;)
What I'm getting right now:
And here's the response from Chrome network tab in case it could help:
$ wget http://localhost:8000/static/wagtailadmin/images/wagtail-logo.svg
output:
--2014-07-02 16:14:36-- http://localhost:8000/static/wagtailadmin/images/wagtail-logo.svg
Resolving localhost... 127.0.0.1, ::1, fe80::1
Connecting to localhost|127.0.0.1|:8000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3082 (3.0K) [application/octet-stream]
Saving to: 'wagtail-logo.svg'
100%[=============================================================>] 3,082 --.-K/s in 0.006s
2014-07-02 16:14:36 (466 KB/s) - 'wagtail-logo.svg' saved [3082/3082]
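A check for the mismatch behind this question and the S3 PDF answer further up, as an added example that is not part of the original posts: it reads the served Content-Type out of a wget transcript and compares it with the type expected for the file extension. The function names are hypothetical and the second transfer in the sample log is constructed.

```python
import mimetypes
import re
from urllib.parse import urlparse

# Register the types explicitly so the result does not depend on the host's
# MIME table (a missing .svg entry there is one way to end up with octet-stream).
mimetypes.add_type("image/svg+xml", ".svg")
mimetypes.add_type("application/pdf", ".pdf")

URL_LINE = re.compile(r"^--[\d-]+ [\d:]+--\s+(\S+)$")
LENGTH_LINE = re.compile(r"^Length: .*\[([^\]]+)\]$")

def served_types(wget_log):
    """Yield (url, content_type) pairs from a wget transcript."""
    url = None
    for line in wget_log.splitlines():
        line = line.strip()
        if (m := URL_LINE.match(line)):
            url = m.group(1)
        elif url and (m := LENGTH_LINE.match(line)):
            yield url, m.group(1).split(";")[0].strip().lower()
            url = None

def audit(wget_log):
    """Return (url, served, expected) for files served with the wrong type."""
    findings = []
    for url, served in served_types(wget_log):
        expected, _ = mimetypes.guess_type(urlparse(url).path)
        if expected and served != expected:
            findings.append((url, served, expected))
    return findings

# First transfer: the output from the question. Second: constructed, correctly typed.
LOG = """\
--2014-07-02 16:14:36-- http://localhost:8000/static/wagtailadmin/images/wagtail-logo.svg
HTTP request sent, awaiting response... 200 OK
Length: 3082 (3.0K) [application/octet-stream]
--2014-07-02 16:14:40-- http://localhost:8000/static/docs/report.pdf
HTTP request sent, awaiting response... 200 OK
Length: 10240 (10K) [application/pdf]
"""

if __name__ == "__main__":
    for url, served, expected in audit(LOG):
        print(f"{url}: served as {served}, expected {expected}")
```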

Can I force to display the file in browser rather than download it for a particular sub url?

Can I do this through javascript or modifying the HTTP header?
http://www.example.com/downloads/*
Any files coming out of this should not be auto-download, instead, display on browser. Can I overwrite the rules set by the browser? Can I also set this limit to just this particular sub url?
Thank you.
Thanks.
What type of file are you working with?
This is used through the HTTP header. If the mime type is a certain type, the browser will decide whether to download or display it. You can also force downloading. The file type will help.
For text files, set the content-type to text/plain. For JPEGs, set it to image/jpeg, and for PNGs set it to image/png. This should overwrite any attachment values Django is setting.
You want to use the Content-Disposition header for this. It should any haggling over content-type.
http://www.ietf.org/rfc/rfc2183.txt
The default document type is declared under your server settings, not in how you link to the file. If you are under Apache try looking in httpd.conf for
DefaultType text/plain
If it says something different that may be your problem. text/plain should set all unknowns to download and be viewed in the browser as text.
EDIT:
I don't know any way of modifying this behavior through javascript as it has to be in the header of the file being downloaded.