Merge branch 'feature/opt-out-of-google-floc' into 'develop'

Add opting out of Google FLoC to HTTPSecurityPlug headers Closes #2630 See merge request pleroma/pleroma!3393
author: feld <feld@feld.me> 2021-04-19 22:39:52 +0000
committer: feld <feld@feld.me> 2021-04-19 22:39:52 +0000
commit: 8defbe431e0d6f00e4a795fc1c5068d150ce3e44 (patch)
tree: 4a1bbc200fd88e8a8d9960d896c5274280241e2a
parent: 7183655a072375603de46dea341c21b099deed7a (diff)
parent: 2780cdd4e7acde0f4bf4719b7c82bc7e2d1bf3b5 (diff)
2 files changed, 3 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9b0678023..bfa76a89a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 
 - The `application` metadata returned with statuses is no longer hardcoded. Apps that want to display these details will now have valid data for new posts after this change.
+- HTTPSecurityPlug now sends a response header to opt out of Google's FLoC (Federated Learning of Cohorts) targeted advertising.
 
 ### Added
 
diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex
index 0025b042a..d1e6cc9d3 100644
--- a/lib/pleroma/web/plugs/http_security_plug.ex
+++ b/lib/pleroma/web/plugs/http_security_plug.ex
@@ -48,7 +48,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
       {"x-content-type-options", "nosniff"},
       {"referrer-policy", referrer_policy},
       {"x-download-options", "noopen"},
-      {"content-security-policy", csp_string()}
+      {"content-security-policy", csp_string()},
+      {"permissions-policy", "interest-cohort=()"}
     ]
 
     headers =
author	feld <feld@feld.me>	2021-04-19 22:39:52 +0000
committer	feld <feld@feld.me>	2021-04-19 22:39:52 +0000
commit	8defbe431e0d6f00e4a795fc1c5068d150ce3e44 (patch)
tree	4a1bbc200fd88e8a8d9960d896c5274280241e2a
parent	7183655a072375603de46dea341c21b099deed7a (diff)
parent	2780cdd4e7acde0f4bf4719b7c82bc7e2d1bf3b5 (diff)