Ktor provides the capability to compress outgoing content by using the Compression feature. You can use different compression algorithms, including
deflate, specify the required conditions for compressing data (such as a content type or response size), or even compress data based on specific request parameters.
To install the
Compression feature, pass it to the
install function in the application initialization code. This can be the
main function ...
... or a specified module:
This enables the
identity encoders on a server. In the next chapter, we'll see how to enable only specific encoders and configure conditions for compressing data.
Configure compression settings
You can configure compression in multiple ways: enable only specific encoders, specify their priorities, compress only specific content types, and so on.
Add specific encoders
To enable only specific encoders, call the corresponding extension functions, for example:
You can specify the priority for each compression algorithm by establishing the
In the example above,
deflate has a higher priority value and takes precedence over
gzip. Note that the server first looks at the quality values within the Accept-Encoding header and then takes into account the specified priorities.
Configure content type
By default, Ktor doesn't compress specific content types, such as
Configure response size
Compression feature allows you to disable compression for responses whose size doesn't exceed the specified value. To do this, pass the desired value (in bytes) to the minimumSize function:
Specify custom conditions
If necessary, you can provide a custom condition using the condition function and compress data depending on the specific request parameters. The code snippet below shows how to compress requests for the specified URI:
HTTPS with the enabled compression is vulnerable to the BREACH attack. You can use various ways to mitigate this attack. For example, you can disable compression whenever the referrer header indicates a cross-site request. In Ktor, this can be done by checking the referrer header value: