commit: 8defbe431e0d6f00e4a795fc1c5068d150ce3e44
parent 7183655a072375603de46dea341c21b099deed7a
Author: feld <feld@feld.me>
Date: Mon, 19 Apr 2021 22:39:52 +0000
Merge branch 'feature/opt-out-of-google-floc' into 'develop'
Add opting out of Google FLoC to HTTPSecurityPlug headers
Closes #2630
See merge request pleroma/pleroma!3393
Diffstat:
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Changed
- The `application` metadata returned with statuses is no longer hardcoded. Apps that want to display these details will now have valid data for new posts after this change.
+- HTTPSecurityPlug now sends a response header to opt out of Google's FLoC (Federated Learning of Cohorts) targeted advertising.
### Added
diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex
@@ -48,7 +48,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
{"x-content-type-options", "nosniff"},
{"referrer-policy", referrer_policy},
{"x-download-options", "noopen"},
- {"content-security-policy", csp_string()}
+ {"content-security-policy", csp_string()},
+ {"permissions-policy", "interest-cohort=()"}
]
headers =