495 added django-permissions-policy to disable Google's Federated Learning of Cohorts (FLoC). FLoC was replaced by Topics in May 2023, so we should update the Permissions-Policy header to disable Topics. To do so, we should add the browsing-topics permissions policy to settings.py:
Whilst agreeing and documenting a Permissions-Policy for our sites is out of scope, using django-permissions-policy consistently across our Django apps isn't. Consequently, we should:
Add a Permissions-Policy to OpenCodelists
Update the Permissions-Policy on Actions and Reports
I've probably forgotten a Django app!
If you've followed the link to MDN, then you'll see:
Non-standard: This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.
However, I think that's fine: not working for every user is an advantage when not working for any user is our goal.
495 added django-permissions-policy to disable Google's Federated Learning of Cohorts (FLoC). FLoC was replaced by Topics in May 2023, so we should update the Permissions-Policy header to disable Topics. To do so, we should add the browsing-topics permissions policy to
settings.py
:Whilst agreeing and documenting a Permissions-Policy for our sites is out of scope, using django-permissions-policy consistently across our Django apps isn't. Consequently, we should:
If you've followed the link to MDN, then you'll see:
However, I think that's fine: not working for every user is an advantage when not working for any user is our goal.
Chrome users can disable Topics with Settings > Privacy and security > Ads privacy. "How To Turn Off Google’s "Privacy Sandbox" Ad Tracking—and Why You Should" from the EFF has more information.