这些函数的行为受 php.ini 中的设置影响。
The zlib extension offers the option to transparently compress your pages on-the-fly, if the requesting browser supports this. Therefore there are three options in the configuration file php.ini.
| 名字 | 默认 | 可修改范围 | 更新日志 |
|---|---|---|---|
| zlib.output_compression | "0" | PHP_INI_ALL | |
| zlib.output_compression_level | "-1" | PHP_INI_ALL | |
| zlib.output_handler | "" | PHP_INI_ALL |
这是配置指令的简短说明。
zlib.output_compression
bool/int
Whether to transparently compress pages. If this option is set to "On" in php.ini or the Apache configuration, pages are compressed if the browser sends an "Accept-Encoding: gzip" or "deflate" header. "Content-Encoding: gzip" (respectively "deflate") and "Vary: Accept-Encoding" headers are added to the output. In runtime, it can be set only before sending any output.
This option also accepts integer values instead of boolean "On"/"Off", using this you can set the output buffer size (default is 4KB).
Note:
output_handler must be empty if this is set 'On' ! Instead you must use
zlib.output_handler.
zlib.output_compression_level
int
Compression level used for transparent output compression. Specify a value between 0 (no compression) to 9 (most compression). The default value, -1, lets the server decide which level to use.
zlib.output_handler
string
You cannot specify additional output handlers if zlib.output_compression is activated here. This setting does the same as output_handler but in a different order.
Because of possible BREACH attacks when using output compression cross-site scripting should be disallowed. This can be achieved with the same-site cookie attribute:
https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
https://caniuse.com/#feat=same-site-cookie-attribute
@finlanderid, Exactly. As output_handler and zlib.output_handler cant be both set (as per ""<output_handler must be empty if this is set 'On'>""), "different order" refers to?
finlanderid at gmail dot com,
you are mixing two separate things and consider them to be the same thing, hence the confusion.
There are two output_handlers:
1. http://php.net/manual/en/outcontrol.configuration.php#ini.output-handler
2. http://php.net/manual/en/zlib.configuration.php#ini.zlib.output-handler
Now, if you re-read your quotes again with this information it won't be confusing anymore :)
Does anyone find these two statements contradictory? Am I not understanding something, or are these statements actually contradicting each other?
Statement ONE from output_handler:
"output_handler must be empty if this [zlib.output_compression] is set 'On' ! Instead you must use zlib.output_handler."
Statement TWO from zlib.output_handler:
"You cannot specify additional output handlers if zlib.output_compression is activated ..."
Statement ONE says you have to use zlib.output_handler, if zlib.output_compression is turned ON. Statement TWO says that, if zlib.output_compression is turned ON, you cannot use zlib.output_handler.
what the heck?
In the hopes this will help others - a hard to spot gotcha when implementing zlib.output_compression. if you use flush() anywhere in your script (even right at the end) the compression won't work - you need to let that happen automatically or it ends up being sent uncompressed.
Apparently, there is a bug in certain versions of PHP with setting zlib.output_compression to "On" via ini_set:
<?php
ini_set("zlib.output_compression", "On");
?>
In some cases, it does not send the Content-type header and browsers won't know to decompress the contents before displaying. Instead, you can set it to the buffer size, which sends the correct header:
<?php
ini_set("zlib.output_compression", 4096);
?>