Issue #3260401 by idebr, Spokje, Akram Khan, mcdruid, longwave, alexpott: Google is abandoning FLoC - so remove the header

core/assets/scaffold/files/default.settings.php

@@ -616,21 +616,6 @@ $settings['update_free_access'] = FALSE;
 # ini_set('pcre.backtrack_limit', 200000);
 # ini_set('pcre.recursion_limit', 200000);
 
-/**
- * Add Permissions-Policy header to disable Google FLoC.
- *
- * By default, Drupal sends the 'Permissions-Policy: interest-cohort=()' header
- * to disable Google's Federated Learning of Cohorts feature, introduced in
- * Chrome 89.
- *
- * See https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts for more
- * information about FLoC.
- *
- * If you don't wish to disable FLoC in Chrome, you can set this value
- * to FALSE.
- */
-# $settings['block_interest_cohort'] = TRUE;
-
 /**
  * Configuration overrides.
  *

core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php

@@ -125,11 +125,6 @@ class FinishResponseSubscriber implements EventSubscriberInterface {
     $response->headers->set('X-Content-Type-Options', 'nosniff', FALSE);
     $response->headers->set('X-Frame-Options', 'SAMEORIGIN', FALSE);
 
-    // Add a Permissions-Policy header to block Federated Learning of Cohorts.
-    if (Settings::get('block_interest_cohort', TRUE) && !$response->headers->has('Permissions-Policy')) {
-      $response->headers->set('Permissions-Policy', 'interest-cohort=()');
-    }
-
     // If the current response isn't an implementation of the
     // CacheableResponseInterface, we assume that a Response is either
     // explicitly not cacheable or that caching headers are already set in

core/lib/Drupal/Core/Site/Settings.php

@@ -37,7 +37,12 @@ final class Settings {
    *
    * @see self::handleDeprecations()
    */
-  private static $deprecatedSettings = [];
+  private static $deprecatedSettings = [
+    'block_interest_cohort' => [
+      'replacement' => '',
+      'message' => 'The "block_interest_cohort" setting is deprecated in drupal:9.5.0. This setting should be removed from the settings file, since its usage has been removed. See https://www.drupal.org/node/3320787.',
+    ],
+  ];
 
   /**
    * Constructor.

core/tests/Drupal/KernelTests/Core/Http/BlockInterestCohortTest.php

@@ -1,83 +0,0 @@
-<?php
-
-namespace Drupal\KernelTests\Core\Http;
-
-use Drupal\Core\Site\Settings;
-use Drupal\KernelTests\KernelTestBase;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\HttpKernel\Event\ResponseEvent;
-use Symfony\Component\HttpKernel\HttpKernelInterface;
-
-/**
- * Tests the Permissions-Policy header added by FinishResponseSubscriber.
- *
- * @group Http
- */
-class BlockInterestCohortTest extends KernelTestBase {
-
-  /**
-   * Tests that FLoC is blocked by default.
-   */
-  public function testDefaultBlocking() {
-    $request = Request::create('/');
-    $response = \Drupal::service('http_kernel')->handle($request);
-
-    $this->assertSame('interest-cohort=()', $response->headers->get('Permissions-Policy'));
-  }
-
-  /**
-   * Tests that an existing interest-cohort policy is not overwritten.
-   */
-  public function testExistingInterestCohortPolicy() {
-    $headers['Permissions-Policy'] = 'interest-cohort=*';
-
-    $kernel = \Drupal::service('http_kernel');
-    $request = Request::create('/');
-    $response = new Response('', 200, $headers);
-    $event = new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response);
-    \Drupal::service('finish_response_subscriber')->onRespond($event);
-
-    $this->assertSame($headers['Permissions-Policy'], $response->headers->get('Permissions-Policy'));
-  }
-
-  /**
-   * Tests that an existing header is not modified.
-   */
-  public function testExistingPolicyHeader() {
-    $headers['Permissions-Policy'] = 'geolocation=()';
-
-    $kernel = \Drupal::service('http_kernel');
-    $request = Request::create('/');
-    $response = new Response('', 200, $headers);
-    $event = new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response);
-    \Drupal::service('finish_response_subscriber')->onRespond($event);
-
-    $this->assertSame($headers['Permissions-Policy'], $response->headers->get('Permissions-Policy'));
-  }
-
-  /**
-   * Tests that FLoC blocking is ignored for subrequests.
-   */
-  public function testSubrequestBlocking() {
-    $request = Request::create('/');
-    $response = \Drupal::service('http_kernel')->handle($request, HttpKernelInterface::SUB_REQUEST);
-
-    $this->assertFalse($response->headers->has('Permissions-Policy'));
-  }
-
-  /**
-   * Tests that FLoC blocking can be disabled in settings.php.
-   */
-  public function testDisableBlockSetting() {
-    $settings = Settings::getAll();
-    $settings['block_interest_cohort'] = FALSE;
-    new Settings($settings);
-
-    $request = Request::create('/');
-    $response = \Drupal::service('http_kernel')->handle($request);
-
-    $this->assertFalse($response->headers->has('Permissions-Policy'));
-  }
-
-}

core/tests/Drupal/Tests/Core/Site/SettingsTest.php

@@ -305,7 +305,12 @@ class SettingsTest extends UnitTestCase {
    * Provides data for testRealDeprecatedSettings().
    */
   public function providerTestRealDeprecatedSettings(): array {
-    return [];
+    return [
+      [
+        'block_interest_cohort',
+        'The "block_interest_cohort" setting is deprecated in drupal:9.5.0. This setting should be removed from the settings file, since its usage has been removed. See https://www.drupal.org/node/3320787.',
+      ],
+    ];
   }
 
   /**

sites/default/default.settings.php

@@ -616,21 +616,6 @@ $settings['update_free_access'] = FALSE;
 # ini_set('pcre.backtrack_limit', 200000);
 # ini_set('pcre.recursion_limit', 200000);
 
-/**
- * Add Permissions-Policy header to disable Google FLoC.
- *
- * By default, Drupal sends the 'Permissions-Policy: interest-cohort=()' header
- * to disable Google's Federated Learning of Cohorts feature, introduced in
- * Chrome 89.
- *
- * See https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts for more
- * information about FLoC.
- *
- * If you don't wish to disable FLoC in Chrome, you can set this value
- * to FALSE.
- */
-# $settings['block_interest_cohort'] = TRUE;
-
 /**
  * Configuration overrides.
  *