Commit 14b3f0b8 authored by catch's avatar catch

Issue #3260401 by idebr, Spokje, Akram Khan, mcdruid, longwave, alexpott:...

Issue #3260401 by idebr, Spokje, Akram Khan, mcdruid, longwave, alexpott: Google is abandoning FLoC - so remove the header
parent 274f8d91
+0 −15
@@ -616,21 +616,6 @@
# ini_set('pcre.backtrack_limit', 200000);
# ini_set('pcre.recursion_limit', 200000);

/**
 * Add Permissions-Policy header to disable Google FLoC.
 *
 * By default, Drupal sends the 'Permissions-Policy: interest-cohort=()' header
 * to disable Google's Federated Learning of Cohorts feature, introduced in
 * Chrome 89.
 *
 * See https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts for more
 * information about FLoC.
 *
 * If you don't wish to disable FLoC in Chrome, you can set this value
 * to FALSE.
 */
# $settings['block_interest_cohort'] = TRUE;

/**
 * Configuration overrides.
 *
+0 −5
@@ -131,11 +131,6 @@ public function onRespond(ResponseEvent $event) {
    $response->headers->set('X-Content-Type-Options', 'nosniff', FALSE);
    $response->headers->set('X-Frame-Options', 'SAMEORIGIN', FALSE);

    // Add a Permissions-Policy header to block Federated Learning of Cohorts.
    if (Settings::get('block_interest_cohort', TRUE) && !$response->headers->has('Permissions-Policy')) {
      $response->headers->set('Permissions-Policy', 'interest-cohort=()');
    }

    // If the current response isn't an implementation of the
    // CacheableResponseInterface, we assume that a Response is either
    // explicitly not cacheable or that caching headers are already set in
+4 −0
@@ -54,6 +54,10 @@ final class Settings {
      'replacement' => 'twig_sandbox_allowed_prefixes',
      'message' => 'The "twig_sandbox_whitelisted_prefixes" setting is deprecated in drupal:9.1.0 and is removed from drupal:10.0.0. Use "twig_sandbox_allowed_prefixes" instead. See https://www.drupal.org/node/3162897.',
    ],
    'block_interest_cohort' => [
      'replacement' => '',
      'message' => 'The "block_interest_cohort" setting is deprecated in drupal:9.5.0. This setting should be removed from the settings file, since its usage has been removed. See https://www.drupal.org/node/3320787.',
    ],
  ];

  /**
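Review bot: The new `block_interest_cohort` entry sets `'replacement' => ''`, whereas the entry above it names a real key. The code that reads this array is outside the hunk, so it should be confirmed that an empty replacement is skipped rather than used as a settings key, which would copy the legacy value to a setting named `''`. I would add a comment above the entry, `// No replacement: the setting is obsolete and only triggers a deprecation notice.`, so the empty string reads as deliberate. The message could also tell site owners who set this to TRUE what changed for them, for example by appending `Drupal no longer sends the "Permissions-Policy: interest-cohort=()" header.`, because a site that still wants a Permissions-Policy header now has to set it itself. The same string is asserted in the data provider in the last file section and would need the matching change.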
+0 −83
<?php

namespace Drupal\KernelTests\Core\Http;

use Drupal\Core\Site\Settings;
use Drupal\KernelTests\KernelTestBase;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;

/**
 * Tests the Permissions-Policy header added by FinishResponseSubscriber.
 *
 * @group Http
 */
class BlockInterestCohortTest extends KernelTestBase {

  /**
   * Tests that FLoC is blocked by default.
   */
  public function testDefaultBlocking() {
    $request = Request::create('/');
    $response = \Drupal::service('http_kernel')->handle($request);

    $this->assertSame('interest-cohort=()', $response->headers->get('Permissions-Policy'));
  }

  /**
   * Tests that an existing interest-cohort policy is not overwritten.
   */
  public function testExistingInterestCohortPolicy() {
    $headers['Permissions-Policy'] = 'interest-cohort=*';

    $kernel = \Drupal::service('http_kernel');
    $request = Request::create('/');
    $response = new Response('', 200, $headers);
    $event = new ResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, $response);
    \Drupal::service('finish_response_subscriber')->onRespond($event);

    $this->assertSame($headers['Permissions-Policy'], $response->headers->get('Permissions-Policy'));
  }

  /**
   * Tests that an existing header is not modified.
   */
  public function testExistingPolicyHeader() {
    $headers['Permissions-Policy'] = 'geolocation=()';

    $kernel = \Drupal::service('http_kernel');
    $request = Request::create('/');
    $response = new Response('', 200, $headers);
    $event = new ResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, $response);
    \Drupal::service('finish_response_subscriber')->onRespond($event);

    $this->assertSame($headers['Permissions-Policy'], $response->headers->get('Permissions-Policy'));
  }

  /**
   * Tests that FLoC blocking is ignored for subrequests.
   */
  public function testSubrequestBlocking() {
    $request = Request::create('/');
    $response = \Drupal::service('http_kernel')->handle($request, HttpKernelInterface::SUB_REQUEST);

    $this->assertFalse($response->headers->has('Permissions-Policy'));
  }

  /**
   * Tests that FLoC blocking can be disabled in settings.php.
   */
  public function testDisableBlockSetting() {
    $settings = Settings::getAll();
    $settings['block_interest_cohort'] = FALSE;
    new Settings($settings);

    $request = Request::create('/');
    $response = \Drupal::service('http_kernel')->handle($request);

    $this->assertFalse($response->headers->has('Permissions-Policy'));
  }

}
+4 −0
@@ -322,6 +322,10 @@ public function providerTestRealDeprecatedSettings(): array {
        'twig_sandbox_whitelisted_prefixes',
        'The "twig_sandbox_whitelisted_prefixes" setting is deprecated in drupal:9.1.0 and is removed from drupal:10.0.0. Use "twig_sandbox_allowed_prefixes" instead. See https://www.drupal.org/node/3162897.',
      ],
      [
        'block_interest_cohort',
        'The "block_interest_cohort" setting is deprecated in drupal:9.5.0. This setting should be removed from the settings file, since its usage has been removed. See https://www.drupal.org/node/3320787.',
      ],
    ];
  }
