From 2d714aadfe29898e8f29060835cf32b1f977da8f Mon Sep 17 00:00:00 2001
From: Thomas Bille <toto@canonical.com>
Date: Thu, 15 Apr 2021 11:24:45 +0100
Subject: [PATCH 1/2] Disable interest-cohort for privacy reasons
---
 canonicalwebteam/flask_base/app.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/canonicalwebteam/flask_base/app.py b/canonicalwebteam/flask_base/app.py
index fc1597d..0c50caf 100644
--- a/canonicalwebteam/flask_base/app.py
+++ b/canonicalwebteam/flask_base/app.py
@@ -125,6 +125,18 @@ def set_cache_control_headers(response):
 return response
+def set_permissions_policy_headers(response):
+ """
+ Sets default permissions policies. This disable some browsers features
+ and APIs.
+ """
+ # Disabling interest-cohort for privacy reasons.
+ # https://wicg.github.io/floc/
+ response.headers["Permissions-Policy"] = "interest-cohort=()"
+
+ return response
+
+
 class FlaskBase(flask.Flask):
 def __init__(
 self,
@@ -173,6 +185,7 @@ def __init__(
 self.after_request(set_security_headers)
 self.after_request(set_cache_control_headers)
+ self.after_request(set_permissions_policy_headers)
 self.context_processor(base_context)
From 18ac7756af28aac770c8ee7e4bc83fc67ed96430 Mon Sep 17 00:00:00 2001
From: Thomas Bille <toto@canonical.com>
Date: Thu, 15 Apr 2021 17:18:31 +0100
Subject: [PATCH 2/2] Bump to version 0.9.0
---
 CHANGELOG.md | 4 ++++
 setup.py | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e1ce0b0..1315c52 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 0.9.0 (2021-04-15)
+
+Add header: `Permissions-Policy: interest-cohort=()` that disables FLoC for privacy reasons.
+
 # 0.8.0 (2021-03-19)
 Change default caching headers to `cache-control: max-age=60, stale-while-revalidate=86400, stale-if-error=300`.
diff --git a/setup.py b/setup.py
index 97dd21b..f07ed0f 100755
--- a/setup.py
+++ b/setup.py
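Review bot: In `set_permissions_policy_headers` (canonicalwebteam/flask_base/app.py), the plain assignment `response.headers["Permissions-Policy"] = "interest-cohort=()"` replaces any `Permissions-Policy` value a view has already put on the response, so an application built on FlaskBase that restricts other browser features would silently lose that policy. Flask also runs `after_request` functions in reverse registration order, so hooks an app registers after constructing FlaskBase run before this one and are overwritten as well. Consider supplying the default only when the header is absent, `response.headers.setdefault("Permissions-Policy", "interest-cohort=()")`, and saying in the docstring that apps setting their own policy must include `interest-cohort=()` themselves. The patch touches only app.py, so a test asserting the header on a response would be worth adding alongside the registration in `__init__`.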
@@ -4,7 +4,7 @@
 setup(
 name="canonicalwebteam.flask-base",
- version="0.8.0",
+ version="0.9.0",
 description=(
 "Flask extension that applies common configurations"
 "to all of webteam's flask apps."