Conversation
Added Brotli and Gzip response compression to the ASP.NET Core app with optimal compression levels. Registered providers in service configuration and enabled middleware to improve performance and reduce bandwidth usage.
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
|
Test & Coverage ReportTest Results Summary
Code CoverageUnit Tests Coverage
Minimum allowed line rate is Module Tests Coverage
|
There was a problem hiding this comment.
Pull request overview
Adds HTTP response compression to AAS.TwinEngine.Plugin.TestPlugin to reduce bandwidth usage and improve response performance for clients.
Changes:
- Registers Brotli and Gzip response compression providers and configures both to
CompressionLevel.Optimal. - Enables response compression for HTTPS traffic.
- Adds
UseResponseCompression()to the middleware pipeline.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| _ = builder.Services.AddResponseCompression(options => | ||
| { | ||
| options.EnableForHttps = true; | ||
| options.Providers.Add<BrotliCompressionProvider>(); | ||
| options.Providers.Add<GzipCompressionProvider>(); | ||
| }); | ||
| _ = builder.Services.Configure<BrotliCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal); | ||
| _ = builder.Services.Configure<GzipCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal); |
There was a problem hiding this comment.
New code uses discard assignments (_ = ...) for service registration, but the rest of this Program.cs uses direct calls (e.g., builder.Services.AddControllers()). This inconsistency makes the startup code harder to scan and suggests two different style conventions in the same file. Consider removing the discards here (or applying the same pattern consistently throughout this file).
| _ = builder.Services.AddResponseCompression(options => | |
| { | |
| options.EnableForHttps = true; | |
| options.Providers.Add<BrotliCompressionProvider>(); | |
| options.Providers.Add<GzipCompressionProvider>(); | |
| }); | |
| _ = builder.Services.Configure<BrotliCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal); | |
| _ = builder.Services.Configure<GzipCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal); | |
| builder.Services.AddResponseCompression(options => | |
| { | |
| options.EnableForHttps = true; | |
| options.Providers.Add<BrotliCompressionProvider>(); | |
| options.Providers.Add<GzipCompressionProvider>(); | |
| }); | |
| builder.Services.Configure<BrotliCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal); | |
| builder.Services.Configure<GzipCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal); |
| { | ||
| options.EnableForHttps = true; | ||
| options.Providers.Add<BrotliCompressionProvider>(); |
There was a problem hiding this comment.
Enabling response compression for HTTPS (EnableForHttps = true) can increase exposure to BREACH-style attacks if any endpoints reflect secrets into responses while an attacker can influence part of the plaintext. Please confirm this service doesn’t return sensitive reflected content (tokens, secrets, CSRF values, etc.), or limit compression to non-sensitive content types/endpoints (and consider making this setting environment-configurable).
| _ = builder.Services.Configure<BrotliCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal); | ||
| _ = builder.Services.Configure<GzipCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal); |
There was a problem hiding this comment.
CompressionLevel.Optimal for both Brotli and Gzip can be CPU-expensive and may increase latency under load; for APIs it’s common to use a faster level (or make the level configurable per environment). Consider switching to a faster default and/or reading the level from configuration so it can be tuned without code changes.
This pull request adds support for HTTP response compression to improve performance and reduce bandwidth usage in the
AAS.TwinEngine.Plugin.TestPluginapplication. The main changes involve configuring Brotli and Gzip compression providers and enabling response compression for HTTPS traffic.Response Compression Enhancements:
Program.csstartup logic, enabling compression for HTTPS responses and setting both providers to use optimal compression level.