Issue #3260401 by idebr, Spokje, Akram Khan, mcdruid, longwave, alexpott: Google is abandoning FLoC - so remove the header

2022-11-17 14:14:31 +00:00 · 2022-11-17 14:14:31 +00:00 · 14b3f0b824
parent 274f8d916c
commit 14b3f0b824
6 changed files with 8 additions and 118 deletions
--- a/core/assets/scaffold/files/default.settings.php
+++ b/core/assets/scaffold/files/default.settings.php
@ -616,21 +616,6 @@ $settings['update_free_access'] = FALSE;
 # ini_set('pcre.backtrack_limit', 200000);
 # ini_set('pcre.recursion_limit', 200000);

-/**
- * Add Permissions-Policy header to disable Google FLoC.
- *
- * By default, Drupal sends the 'Permissions-Policy: interest-cohort=()' header
- * to disable Google's Federated Learning of Cohorts feature, introduced in
- * Chrome 89.
- *
- * See https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts for more
- * information about FLoC.
- *
- * If you don't wish to disable FLoC in Chrome, you can set this value
- * to FALSE.
- */
-# $settings['block_interest_cohort'] = TRUE;
-
 /**
 * Configuration overrides.
 *
--- a/core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php
@ -131,11 +131,6 @@ class FinishResponseSubscriber implements EventSubscriberInterface {
    $response->headers->set('X-Content-Type-Options', 'nosniff', FALSE);
    $response->headers->set('X-Frame-Options', 'SAMEORIGIN', FALSE);

-    // Add a Permissions-Policy header to block Federated Learning of Cohorts.
-    if (Settings::get('block_interest_cohort', TRUE) && !$response->headers->has('Permissions-Policy')) {
-      $response->headers->set('Permissions-Policy', 'interest-cohort=()');
-    }
-
    // If the current response isn't an implementation of the
    // CacheableResponseInterface, we assume that a Response is either
    // explicitly not cacheable or that caching headers are already set in
--- a/core/lib/Drupal/Core/Site/Settings.php
+++ b/core/lib/Drupal/Core/Site/Settings.php
@ -54,6 +54,10 @@ final class Settings {
      'replacement' => 'twig_sandbox_allowed_prefixes',
      'message' => 'The "twig_sandbox_whitelisted_prefixes" setting is deprecated in drupal:9.1.0 and is removed from drupal:10.0.0. Use "twig_sandbox_allowed_prefixes" instead. See https://www.drupal.org/node/3162897.',
    ],
+    'block_interest_cohort' => [
+      'replacement' => '',
+      'message' => 'The "block_interest_cohort" setting is deprecated in drupal:9.5.0. This setting should be removed from the settings file, since its usage has been removed. See https://www.drupal.org/node/3320787.',
+    ],
  ];

  /**
--- a/core/tests/Drupal/KernelTests/Core/Http/BlockInterestCohortTest.php
+++ b/core/tests/Drupal/KernelTests/Core/Http/BlockInterestCohortTest.php
@ -1,83 +0,0 @@
-<?php
-
-namespace Drupal\KernelTests\Core\Http;
-
-use Drupal\Core\Site\Settings;
-use Drupal\KernelTests\KernelTestBase;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\HttpKernel\Event\ResponseEvent;
-use Symfony\Component\HttpKernel\HttpKernelInterface;
-
-/**
- * Tests the Permissions-Policy header added by FinishResponseSubscriber.
- *
- * @group Http
- */
-class BlockInterestCohortTest extends KernelTestBase {
-
-  /**
-   * Tests that FLoC is blocked by default.
-   */
-  public function testDefaultBlocking() {
-    $request = Request::create('/');
-    $response = \Drupal::service('http_kernel')->handle($request);
-
-    $this->assertSame('interest-cohort=()', $response->headers->get('Permissions-Policy'));
-  }
-
-  /**
-   * Tests that an existing interest-cohort policy is not overwritten.
-   */
-  public function testExistingInterestCohortPolicy() {
-    $headers['Permissions-Policy'] = 'interest-cohort=*';
-
-    $kernel = \Drupal::service('http_kernel');
-    $request = Request::create('/');
-    $response = new Response('', 200, $headers);
-    $event = new ResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, $response);
-    \Drupal::service('finish_response_subscriber')->onRespond($event);
-
-    $this->assertSame($headers['Permissions-Policy'], $response->headers->get('Permissions-Policy'));
-  }
-
-  /**
-   * Tests that an existing header is not modified.
-   */
-  public function testExistingPolicyHeader() {
-    $headers['Permissions-Policy'] = 'geolocation=()';
-
-    $kernel = \Drupal::service('http_kernel');
-    $request = Request::create('/');
-    $response = new Response('', 200, $headers);
-    $event = new ResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, $response);
-    \Drupal::service('finish_response_subscriber')->onRespond($event);
-
-    $this->assertSame($headers['Permissions-Policy'], $response->headers->get('Permissions-Policy'));
-  }
-
-  /**
-   * Tests that FLoC blocking is ignored for subrequests.
-   */
-  public function testSubrequestBlocking() {
-    $request = Request::create('/');
-    $response = \Drupal::service('http_kernel')->handle($request, HttpKernelInterface::SUB_REQUEST);
-
-    $this->assertFalse($response->headers->has('Permissions-Policy'));
-  }
-
-  /**
-   * Tests that FLoC blocking can be disabled in settings.php.
-   */
-  public function testDisableBlockSetting() {
-    $settings = Settings::getAll();
-    $settings['block_interest_cohort'] = FALSE;
-    new Settings($settings);
-
-    $request = Request::create('/');
-    $response = \Drupal::service('http_kernel')->handle($request);
-
-    $this->assertFalse($response->headers->has('Permissions-Policy'));
-  }
-
-}
--- a/core/tests/Drupal/Tests/Core/Site/SettingsTest.php
+++ b/core/tests/Drupal/Tests/Core/Site/SettingsTest.php
@ -322,6 +322,10 @@ class SettingsTest extends UnitTestCase {
        'twig_sandbox_whitelisted_prefixes',
        'The "twig_sandbox_whitelisted_prefixes" setting is deprecated in drupal:9.1.0 and is removed from drupal:10.0.0. Use "twig_sandbox_allowed_prefixes" instead. See https://www.drupal.org/node/3162897.',
      ],
+      [
+        'block_interest_cohort',
+        'The "block_interest_cohort" setting is deprecated in drupal:9.5.0. This setting should be removed from the settings file, since its usage has been removed. See https://www.drupal.org/node/3320787.',
+      ],
    ];
  }

--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@ -616,21 +616,6 @@ $settings['update_free_access'] = FALSE;
 # ini_set('pcre.backtrack_limit', 200000);
 # ini_set('pcre.recursion_limit', 200000);

-/**
- * Add Permissions-Policy header to disable Google FLoC.
- *
- * By default, Drupal sends the 'Permissions-Policy: interest-cohort=()' header
- * to disable Google's Federated Learning of Cohorts feature, introduced in
- * Chrome 89.
- *
- * See https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts for more
- * information about FLoC.
- *
- * If you don't wish to disable FLoC in Chrome, you can set this value
- * to FALSE.
- */
-# $settings['block_interest_cohort'] = TRUE;
-
 /**
 * Configuration overrides.
 *