From a0b32d5f1b0a5385540dd3480952ff2fb8f7601e Mon Sep 17 00:00:00 2001
From: Laurent Peuch
Date: Thu, 15 Apr 2021 17:56:09 +0200
Subject: [PATCH] [enh] add header to disallow FLoC https://diaspodon.fr/@etienne/106070042112522839
---
 data/templates/nginx/security.conf.inc | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/data/templates/nginx/security.conf.inc b/data/templates/nginx/security.conf.inc
index 4b4f3fe5b..0d0b74db1 100644
--- a/data/templates/nginx/security.conf.inc
+++ b/data/templates/nginx/security.conf.inc
@@ -33,6 +33,9 @@ more_set_headers "X-Download-Options : noopen";
 more_set_headers "X-Permitted-Cross-Domain-Policies : none";
 more_set_headers "X-Frame-Options : SAMEORIGIN";
 
+# Disable the disaster privacy thing that is FLoC
+more_set_headers "Permissions-Policy : interest-cohort=()";
+
 # Disable gzip to protect against BREACH
 # Read https://trac.nginx.org/nginx/ticket/1720 (text/html cannot be disabled!)
 gzip off;
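Review bot: The added `more_set_headers "Permissions-Policy : interest-cohort=()";` replaces any `Permissions-Policy` header already on the response, so an app served through this include that sends its own stricter policy (for example restricting camera or geolocation) would be left with only the FLoC opt-out. Where this template is included lies outside the hunk, so it should be confirmed whether proxied app responses pass through it. If they do, either document the override in the comment or set the header only when the upstream did not send one. The comment would also be more useful to a later maintainer if it said what the header does, e.g. `# Opt out of FLoC cohort calculation; note this overrides any Permissions-Policy set by the app`.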