Merge branch 'feature/opt-out-of-google-floc' into 'develop'

Add opting out of Google FLoC to HTTPSecurityPlug headers

Closes #2630

See merge request pleroma/pleroma!3393

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9b0678023f9e83f4168555f94f38b5e87bce598c..bfa76a89a2cbfbd25e2634d2d1d7b5730121871a 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 
 - The `application` metadata returned with statuses is no longer hardcoded. Apps that want to display these details will now have valid data for new posts after this change.
+- HTTPSecurityPlug now sends a response header to opt out of Google's FLoC (Federated Learning of Cohorts) targeted advertising.
 
 ### Added
 

diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex
index 0025b042a455e0c99e4965fe5997f09d6339cdd7..d1e6cc9d3f03f00c7f19dc475345714641711812 100644 (file)
--- a/lib/pleroma/web/plugs/http_security_plug.ex
+++ b/lib/pleroma/web/plugs/http_security_plug.ex
@@ -48,7 +48,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
       {"x-content-type-options", "nosniff"},
       {"referrer-policy", referrer_policy},
       {"x-download-options", "noopen"},
-      {"content-security-policy", csp_string()}
+      {"content-security-policy", csp_string()},
+      {"permissions-policy", "interest-cohort=()"}
     ]
 
     headers =