Hello, Since this FLoC thing from Google (https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea) is opt-out only maybe it's nice if rc-httpd does it by default. diff -r eafb71d27315 rc/bin/rc-httpd/rc-httpd --- a/rc/bin/rc-httpd/rc-httpd Wed Apr 14 20:30:24 2021 -0700 +++ b/rc/bin/rc-httpd/rc-httpd Fri Apr 16 13:13:06 2021 +0000 @@ -3,7 +3,7 @@ path=(/bin $rc_httpd_dir/handlers) cgi_path=/bin SERVER_PORT=80 # default for CGI scripts, may be overridden by the Host header -extra_headers='Server: rc-httpd' +extra_headers=('Server: rc-httpd', 'Permissions-Policy: interest-cohort=()') cr= fn do_log{
I think even if we're iffy on pushing this directly this could at least be added as a comment or documented somewhere obvious, as I'd imagine most people running rc-httpd don't want to partake in google's BS. Being even forced to acknowledge it like this is a little frustrating. I'm running this locally (made the same change independently) and can confirm the header is at least sent (not sure how I'd check if it's functioning as advertised). - sam-d
Although... (from the EFF link posted):
> If you are a website owner, your site will automatically be
> included in FLoC calculations if it accesses the FLoC API
> or if Chrome detects that it serves ads. You can opt out of
> this calculation by sending the following HTTP response header:
I doubt either condition applies to any rc-httpd deployments out there.
- sam-d