Closed bwbroersma closed 3 months ago
Because it was mentioned in https://github.com/coreruleset/coreruleset/pull/2357 I checked the use of *
(listed in the HTTP/1.1 - 14.3 Accept-Encoding - RFC 2616), apparently *
doesn't work in practice (at least not with Google or nginx):
$ curl https://www.rijksoverheid.nl/ -H 'Accept-Encoding: gzip, br, zstd' -sSfD- -o/dev/null | grep -i content-encoding
content-encoding: gzip
$ curl https://www.rijksoverheid.nl/ -H 'Accept-Encoding: *' -sSfD- -o/dev/null | grep -i content-encoding
$ curl https://www.google.com/ -H 'Accept-Encoding: gzip, br, zstd' -sSfD- -o/dev/null | grep -i content-encoding
content-encoding: gzip
$ curl https://www.google.com/ -H 'Accept-Encoding: *' -sSfD- -o/dev/null | grep -i content-encoding
Therefore *
is not an option here.
See https://github.com/internetstandards/Internet.nl/issues/1347#issuecomment-2009836511