[3.9][Privacy] Block usage of FLoC by default

administrator/components/com_admin/sql/updates/mysql/3.9.27-2021-04-20.sql

@@ -0,0 +1,3 @@
+INSERT INTO `#__postinstall_messages` (`extension_id`, `title_key`, `description_key`, `language_extension`, `language_client_id`, `type`, `version_introduced`, `enabled`)
+VALUES
+(700, 'COM_ADMIN_POSTINSTALL_MSG_GOOGLE_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_GOOGLE_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);

administrator/components/com_admin/sql/updates/postgresql/3.9.27-2021-04-20.sql

@@ -0,0 +1,3 @@
+INSERT INTO "#__postinstall_messages" ("extension_id", "title_key", "description_key", "language_extension", "language_client_id", "type", "version_introduced", "enabled")
+VALUES
+(700, 'COM_ADMIN_POSTINSTALL_MSG_GOOGLE_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_GOOGLE_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);

administrator/components/com_admin/sql/updates/sqlazure/3.9.27-2021-04-20.sql

@@ -0,0 +1,3 @@
+INSERT INTO [#__postinstall_messages] ([extension_id], [title_key], [description_key], [language_extension], [language_client_id], [type], [version_introduced], [enabled])
+VALUES
+(700, 'COM_ADMIN_POSTINSTALL_MSG_GOOGLE_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_GOOGLE_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);

administrator/components/com_config/model/form/application.xml

@@ -1208,6 +1208,19 @@
 
 		</field>
 
+		<field
+			name="block_floc"
+			type="radio"
+			label="COM_CONFIG_FIELD_FLOC_BLOCKER_LABEL"
+			description="COM_CONFIG_FIELD_FLOC_BLOCKER_DESC"
+			class="btn-group btn-group-yesno"
+			default="1"
+			filter="integer"
+			>
+			<option value="1">JYES</option>
+			<option value="0">JNO</option>
+		</field>
+
 	</fieldset>
 
 	<fieldset

administrator/language/en-GB/en-GB.com_admin.ini

@@ -139,6 +139,8 @@ COM_ADMIN_PLATFORM_VERSION="Joomla! Platform Version"
 COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_ACTION="Enable Behind Load Balancer Setting"
 COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_DESCRIPTION="<p>For Joomla sites hosted behind Load Balancers and Reverse Proxies a new Global Configuration setting has been introduced with Joomla 3.9.26</p><p>This setting, when enabled, will allow your Load Balancer/Reverse Proxy to provide the real IP address of your visitors. This IP will then be used in your Action Logs and used for tracking voting on articles (if these features are enabled).</p><p><strong>Only sites behind a Load Balancer/Reverse Proxy will wish to enable this feature.</strong></p>"
 COM_ADMIN_POSTINSTALL_MSG_BEHIND_LOAD_BALANCER_TITLE="New Server Setting \"Behind Load Balancer\""
+COM_ADMIN_POSTINSTALL_MSG_GOOGLE_FLOC_BLOCKER_DESCRIPTION="Google is introducing a replacement for third party tracking cookies, a feature named Federated Learning of Cohorts (FLoC). You can read more about it <a href="https://github.com/WICG/floc">here</a>. The Joomla! project believes this feature to be problematic and against the interests of our users, both the owners of Joomla!-powered sites, as well as their visitors. We do follow the EFF in their <a href="https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea">assessment</a> and have added a feature to block this technology on all Joomla sites. This feature has been enabled by default. If you disagree with this decision and want to allow FLoC for your website, you can disable it from the Global Configuration."
+COM_ADMIN_POSTINSTALL_MSG_GOOGLE_FLOC_BLOCKER_TITLE="Block Federated Learning of Cohorts (FLoC)"
 COM_ADMIN_POSTINSTALL_MSG_HTACCESS_AUTOINDEX_DESCRIPTION="<p>Before 3.9.22 the default htaccess.txt file contained erroneous code meant for disabling directory listings. The security team recommends to manually apply the necessary changes to any existing .htaccess file, as this file can not be updated automatically.</p><p>The old code:</p><pre>&lt;IfModule autoindex&gt;\n  IndexIgnore *\n&lt;/IfModule&gt;</pre><p>The new code:</p><pre>&lt;IfModule mod_autoindex.c&gt;\n  IndexIgnore *\n&lt;/IfModule&gt;</pre>"
 COM_ADMIN_POSTINSTALL_MSG_HTACCESS_AUTOINDEX_TITLE=".htaccess Update Concerning Directory Listings"
 COM_ADMIN_REGISTER_GLOBALS="Register Globals"

administrator/language/en-GB/en-GB.com_config.ini

@@ -93,6 +93,8 @@ COM_CONFIG_FIELD_FILTERS_CUSTOM_BLACK_LIST="Custom Blacklist"
 COM_CONFIG_FIELD_FILTERS_NO_HTML="No HTML"
 COM_CONFIG_FIELD_FILTERS_NO_FILTER="No Filtering"
 COM_CONFIG_FIELD_FILTERS_WHITE_LIST="Whitelist"
+COM_CONFIG_FIELD_FLOC_BLOCKER_DESC="Send a header to not support the tracking through the FLoC method proposed by Google."
+COM_CONFIG_FIELD_FLOC_BLOCKER_LABEL="Block Google FLoC"
 COM_CONFIG_FRONTEDITING_DESC="Select if you want inline editing for modules and menu items (support may depend on your template)."
 COM_CONFIG_FRONTEDITING_LABEL="Inline Editing"
 COM_CONFIG_FRONTEDITING_MENUSANDMODULES="Modules & Menus"

htaccess.txt

@@ -24,6 +24,7 @@
 ## Suppress mime type detection in browsers for unknown types
 <IfModule mod_headers.c>
 Header always set X-Content-Type-Options "nosniff"
+Header always set Permissions-Policy: interest-cohort=()
 </IfModule>
 
 ## Can be commented out if causes errors, see notes above.

libraries/src/Application/CMSApplication.php

@@ -199,6 +199,11 @@ public function enqueueMessage($msg, $type = 'message')
 	 */
 	public function execute()
 	{
+		if ($this->get('block_floc', 1))
+		{
+			$this->setHeader('Permissions-Policy', 'interest-cohort=()', true);
+		}
+
 		// Perform application routines.
 		$this->doExecute();