Merge branch 'feature/opt-out-of-google-floc' into 'develop'

Add opting out of Google FLoC to HTTPSecurityPlug headers

Closes #2630

See merge request pleroma/pleroma!3393
This commit is contained in:
feld 2021-04-19 22:39:52 +00:00
commit 8defbe431e
2 changed files with 3 additions and 1 deletions

View file

@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Changed ### Changed
- The `application` metadata returned with statuses is no longer hardcoded. Apps that want to display these details will now have valid data for new posts after this change. - The `application` metadata returned with statuses is no longer hardcoded. Apps that want to display these details will now have valid data for new posts after this change.
- HTTPSecurityPlug now sends a response header to opt out of Google's FLoC (Federated Learning of Cohorts) targeted advertising.
### Added ### Added

View file

@ -48,7 +48,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
{"x-content-type-options", "nosniff"}, {"x-content-type-options", "nosniff"},
{"referrer-policy", referrer_policy}, {"referrer-policy", referrer_policy},
{"x-download-options", "noopen"}, {"x-download-options", "noopen"},
{"content-security-policy", csp_string()} {"content-security-policy", csp_string()},
{"permissions-policy", "interest-cohort=()"}
] ]
headers = headers =