Update the Permissions-Policy header to disable Topics #4390

Closed
iaindillingham opened this issue Jun 24, 2024 · 2 comments · Fixed by #4410

@iaindillingham
Member

#495 added django-permissions-policy to disable Google's Federated Learning of Cohorts (FLoC). FLoC was replaced by Topics in May 2023, so we should update the Permissions-Policy header to disable Topics. To do so, we should add the browsing-topics permissions policy to settings.py:

PERMISSIONS_POLICY = {
    "interest-cohort": [],
    "browsing-topics": [],
}

Whilst agreeing and documenting a Permissions-Policy for our sites is out of scope, using django-permissions-policy consistently across our Django apps isn't. Consequently, we should:

  • Add a Permissions-Policy to OpenCodelists
  • Update the Permissions-Policy on Actions and Reports
  • I've probably forgotten a Django app!

If you've followed the link to MDN, then you'll see:

Non-standard: This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.

However, I think that's fine: not working for every user is an advantage when not working for any user is our goal.

Chrome users can disable Topics with Settings > Privacy and security > Ads privacy. "How To Turn Off Google’s "Privacy Sandbox" Ad Tracking—and Why You Should" from the EFF has more information.

@iaindillingham iaindillingham added the deck-scrubbing Tech debt or other between-initiative tidy-up work label Jun 24, 2024
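
An added example, not part of the original issue or the project's code: a standalone Python check that a Permissions-Policy header value disables both `interest-cohort` and `browsing-topics`, as the settings in the issue intend. The function names and sample header values are constructed for illustration, and the parser is a simplification covering the `feature=(...)`, `feature=*` and `feature=self` forms, not a full Structured Fields parser.

```python
import re

# Features the issue wants disabled for every origin (empty allowlist).
REQUIRED_DISABLED = ("interest-cohort", "browsing-topics")

# One directive: feature=(allowlist items) or feature=token (e.g. * or self).
_DIRECTIVE = re.compile(r"^\s*([a-z0-9-]+)\s*=\s*(\(([^)]*)\)|\S+)\s*$")


def parse_permissions_policy(header_value):
    """Parse a header value into {feature: [allowlist items]}.

    Simplified: directive parameters (";...") are rejected with ValueError.
    """
    policy = {}
    for part in header_value.split(","):
        if not part.strip():
            continue
        match = _DIRECTIVE.match(part)
        if match is None:
            raise ValueError(f"unparseable directive: {part!r}")
        feature, raw, inner = match.group(1), match.group(2), match.group(3)
        # "()" yields an empty list; "*" or "self" yields a one-item list.
        policy[feature] = inner.split() if raw.startswith("(") else [raw]
    return policy


def topics_and_floc_gaps(header_value):
    """Return the required features that this header value does NOT disable.

    A feature counts as disabled only when present with an empty allowlist;
    a missing directive leaves the browser default in place.
    """
    if not header_value:
        return list(REQUIRED_DISABLED)
    policy = parse_permissions_policy(header_value)
    return [f for f in REQUIRED_DISABLED if policy.get(f) != []]


# Constructed sample header values, not captured from any real site.
SAMPLES = {
    "floc-only": "interest-cohort=()",
    "both": "interest-cohort=(), browsing-topics=()",
    "topics-self": 'interest-cohort=(), browsing-topics=(self "https://ads.example")',
    "missing": "",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        gaps = topics_and_floc_gaps(value)
        print(f"{name:12} {'OK' if not gaps else 'not disabled: ' + ', '.join(gaps)}")
```

The same function can be pointed at the `Permissions-Policy` header of a response from each app's test client, so an app that still sends only `interest-cohort=()` fails the check.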
@iaindillingham
Member Author

Iain to create a master issue to track progress on our other Django/non-Django sites. We agreed in Thursday's tech team meeting to disable Topics.

@iaindillingham iaindillingham self-assigned this Jul 1, 2024
@iaindillingham
Member Author

Archaeologists, see #1614.

iaindillingham added a commit that referenced this issue Jul 2, 2024
django-permissions-policy was added by #495 to disable Google's
[Federated Learning of
Cohorts](https://privacysandbox.com/proposals/floc/) (FLoC). FLoC was
replaced by [Topics](https://privacysandbox.com/proposals/topics/) in
May 2023, so we update the Permissions-Policy header to disable Topics.

Closes #4390