From 2d714aadfe29898e8f29060835cf32b1f977da8f Mon Sep 17 00:00:00 2001
From: Thomas Bille <toto@canonical.com>
Date: Thu, 15 Apr 2021 11:24:45 +0100
Subject: [PATCH 1/2] Disable interest-cohort for privacy reasons

---
 canonicalwebteam/flask_base/app.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/canonicalwebteam/flask_base/app.py b/canonicalwebteam/flask_base/app.py
index fc1597d..0c50caf 100644
--- a/canonicalwebteam/flask_base/app.py
+++ b/canonicalwebteam/flask_base/app.py
@@ -125,6 +125,18 @@ def set_cache_control_headers(response):
     return response
 
 
+def set_permissions_policy_headers(response):
+    """
+    Sets default permissions policies. This disable some browsers features
+    and APIs.
+    """
+    # Disabling interest-cohort for privacy reasons.
+    # https://wicg.github.io/floc/
+    response.headers["Permissions-Policy"] = "interest-cohort=()"
+
+    return response
+
+
 class FlaskBase(flask.Flask):
     def __init__(
         self,
@@ -173,6 +185,7 @@ def __init__(
 
         self.after_request(set_security_headers)
         self.after_request(set_cache_control_headers)
+        self.after_request(set_permissions_policy_headers)
 
         self.context_processor(base_context)
 

From 18ac7756af28aac770c8ee7e4bc83fc67ed96430 Mon Sep 17 00:00:00 2001
From: Thomas Bille <toto@canonical.com>
Date: Thu, 15 Apr 2021 17:18:31 +0100
Subject: [PATCH 2/2] Bump to version 0.9.0

---
 CHANGELOG.md | 4 ++++
 setup.py     | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e1ce0b0..1315c52 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 0.9.0 (2021-04-15)
+
+Add header: `Permissions-Policy: interest-cohort=()` that disables FLoC for privacy reasons.
+
 # 0.8.0 (2021-03-19)
 
 Change default caching headers to `cache-control: max-age=60, stale-while-revalidate=86400, stale-if-error=300`.
diff --git a/setup.py b/setup.py
index 97dd21b..f07ed0f 100755
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@
 
 setup(
     name="canonicalwebteam.flask-base",
-    version="0.8.0",
+    version="0.9.0",
     description=(
         "Flask extension that applies common configurations"
         "to all of webteam's flask apps."