Merge pull request #46 from tbille/disable-floc

Disable interest-cohort for privacy reasons
canonical · Apr 15, 2021 · 424a791 · 424a791
2 parents 6a5b0cb + 18ac775
commit 424a791
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 0.9.0 (2021-04-15)
+
+Add header: `Permissions-Policy: interest-cohort=()` that disables FLoC for privacy reasons.
+
 # 0.8.0 (2021-03-19)
 
 Change default caching headers to `cache-control: max-age=60, stale-while-revalidate=86400, stale-if-error=300`.

diff --git a/canonicalwebteam/flask_base/app.py b/canonicalwebteam/flask_base/app.py
@@ -125,6 +125,18 @@ def set_cache_control_headers(response):
     return response
 
 
+def set_permissions_policy_headers(response):
+    """
+    Sets default permissions policies. This disable some browsers features
+    and APIs.
+    """
+    # Disabling interest-cohort for privacy reasons.
+    # https://wicg.github.io/floc/
+    response.headers["Permissions-Policy"] = "interest-cohort=()"
+
+    return response
+
+
 class FlaskBase(flask.Flask):
     def __init__(
         self,
@@ -173,6 +185,7 @@ def __init__(
 
         self.after_request(set_security_headers)
         self.after_request(set_cache_control_headers)
+        self.after_request(set_permissions_policy_headers)
 
         self.context_processor(base_context)
 

diff --git a/setup.py b/setup.py
@@ -4,7 +4,7 @@
 
 setup(
     name="canonicalwebteam.flask-base",
-    version="0.8.0",
+    version="0.9.0",
     description=(
         "Flask extension that applies common configurations"
         "to all of webteam's flask apps."