Add HTTP header to explicitly opt out of FLoC by default (#16036)

author Claire <claire.github-309c@sitedethib.com>

Tue, 13 Apr 2021 21:43:41 +0000 (23:43 +0200)

committer GitHub <noreply@github.com>

Tue, 13 Apr 2021 21:43:41 +0000 (23:43 +0200)
author Claire <claire.github-309c@sitedethib.com>
Tue, 13 Apr 2021 21:43:41 +0000 (23:43 +0200)
committer GitHub <noreply@github.com>
Tue, 13 Apr 2021 21:43:41 +0000 (23:43 +0200)
diff --git a/config/environments/production.rb b/config/environments/production.rb

index 6df0a336513a383a797d83dc74463d5cdcda62f8..22be14749589c351399c64060fd48915df257661 100644 (file)
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -116,6 +116,7 @@ Rails.application.configure do
      'X-Frame-Options'        => 'DENY',
      'X-Content-Type-Options' => 'nosniff',
      'X-XSS-Protection'       => '1; mode=block',
+    'Permissions-Policy'     => 'interest-cohort=()',
    }
  
    config.x.otp_secret = ENV.fetch('OTP_SECRET')
author	Claire <claire.github-309c@sitedethib.com>
	Tue, 13 Apr 2021 21:43:41 +0000 (23:43 +0200)
committer	GitHub <noreply@github.com>
	Tue, 13 Apr 2021 21:43:41 +0000 (23:43 +0200)