15 changes: 14 additions & 1 deletion source/AAS.TwinEngine.Plugin.TestPlugin/Program.cs
@@ -1,9 +1,13 @@
using AAS.TwinEngine.Plugin.TestPlugin.Infrastructure.Monitoring;
using System.IO.Compression;

using AAS.TwinEngine.Plugin.TestPlugin.Infrastructure.Monitoring;
using AAS.TwinEngine.Plugin.TestPlugin.Infrastructure.Providers;
using AAS.TwinEngine.Plugin.TestPlugin.ServiceConfiguration;

using Asp.Versioning;

using Microsoft.AspNetCore.ResponseCompression;

namespace AAS.TwinEngine.Plugin.TestPlugin;

public static class Program
Expand All @@ -14,6 +18,14 @@ public static class Program
public static async Task Main(string[] args)
{
var builder = WebApplication.CreateBuilder(args);
_ = builder.Services.AddResponseCompression(options =>
{
options.EnableForHttps = true;
options.Providers.Add<BrotliCompressionProvider>();
Comment on lines +22 to +24
Copilot AI Mar 26, 2026

Enabling response compression for HTTPS (EnableForHttps = true) can increase exposure to BREACH-style attacks if any endpoints reflect secrets into responses while an attacker can influence part of the plaintext. Please confirm this service doesn’t return sensitive reflected content (tokens, secrets, CSRF values, etc.), or limit compression to non-sensitive content types/endpoints (and consider making this setting environment-configurable).

Copilot uses AI. Check for mistakes.
options.Providers.Add<GzipCompressionProvider>();
});
_ = builder.Services.Configure<BrotliCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal);
_ = builder.Services.Configure<GzipCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal);
Comment on lines +21 to +28
Copilot AI Mar 26, 2026

New code uses discard assignments (_ = ...) for service registration, but the rest of this Program.cs uses direct calls (e.g., builder.Services.AddControllers()). This inconsistency makes the startup code harder to scan and suggests two different style conventions in the same file. Consider removing the discards here (or applying the same pattern consistently throughout this file).

Suggested change
_ = builder.Services.AddResponseCompression(options =>
{
options.EnableForHttps = true;
options.Providers.Add<BrotliCompressionProvider>();
options.Providers.Add<GzipCompressionProvider>();
});
_ = builder.Services.Configure<BrotliCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal);
_ = builder.Services.Configure<GzipCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal);
builder.Services.AddResponseCompression(options =>
{
options.EnableForHttps = true;
options.Providers.Add<BrotliCompressionProvider>();
options.Providers.Add<GzipCompressionProvider>();
});
builder.Services.Configure<BrotliCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal);
builder.Services.Configure<GzipCompressionProviderOptions>(options => options.Level = CompressionLevel.Optimal);

Comment on lines +27 to +28
Copilot AI Mar 26, 2026

CompressionLevel.Optimal for both Brotli and Gzip can be CPU-expensive and may increase latency under load; for APIs it’s common to use a faster level (or make the level configurable per environment). Consider switching to a faster default and/or reading the level from configuration so it can be tuned without code changes.

builder.ConfigureLogging(builder.Configuration);

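Review bot: `options.EnableForHttps = true` is hard-coded in the `AddResponseCompression` callback with no MIME-type or endpoint restriction and no comment recording why compressing TLS responses is acceptable for this plugin. ASP.NET Core leaves this setting off by default because compressing HTTPS bodies that mix secrets with attacker-influenced input is the precondition for CRIME/BREACH-style length side channels. Suggest binding the flag and both `CompressionLevel` values to configuration instead of literals, and opting sensitive responses out (ASP.NET Core exposes `IHttpsCompressionFeature` with `HttpsCompressionMode.DoNotCompress` for that), so the decision is visible and tunable per environment.
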
Expand Down Expand Up @@ -52,6 +64,7 @@ public static async Task Main(string[] args)
initializer.Initialize(CancellationToken.None);
}

app.UseResponseCompression();
app.UseExceptionHandler();
app.UseHttpsRedirection();
app.UseAuthorization();
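
Review bot: `app.UseResponseCompression();` is registered ahead of `app.UseExceptionHandler();`, so the compression middleware sits outside the exception handler: a failure inside compression is not caught by the handler, and the handler's error responses are compressed like any other body. If that ordering is not intentional, move the call below `app.UseExceptionHandler();` and `app.UseHttpsRedirection();`; if it is, a one-line comment stating why would help the next reader.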