From 6f52f71b0d3ab4f7aa8c22427a6d4f2b513e554e Mon Sep 17 00:00:00 2001
From: El RIDO <elrido@gmx.net>
Date: Sat, 24 Apr 2021 14:00:39 +0200
Subject: [PATCH] web: add FLoC environment variable

ENABLE_FLOC, defaulting to false.
---
 docker-compose.yml            | 1 +
 env.example                   | 4 ++++
 web/rootfs/defaults/meet.conf | 4 ++++
 3 files changed, 9 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 7dbeab0..66a4df0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,6 +13,7 @@ services:
             - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
         environment:
             - ENABLE_COLIBRI_WEBSOCKET
+            - ENABLE_FLOC
             - ENABLE_LETSENCRYPT
             - ENABLE_HTTP_REDIRECT
             - ENABLE_HSTS
diff --git a/env.example b/env.example
index f90e3e3..e0f0858 100644
--- a/env.example
+++ b/env.example
@@ -357,6 +357,10 @@ JIBRI_LOGS_DIR=/config/logs
 # Disable HTTPS: handle TLS connections outside of this setup
 #DISABLE_HTTPS=1
 
+# Enable FLoC
+# Opt-In to Federated Learning of Cohorts tracking
+#ENABLE_FLOC=0
+
 # Redirect HTTP traffic to HTTPS
 # Necessary for Let's Encrypt, relies on standard HTTPS port (443)
 #ENABLE_HTTP_REDIRECT=1
diff --git a/web/rootfs/defaults/meet.conf b/web/rootfs/defaults/meet.conf
index 7ed2d91..2ce6b0f 100644
--- a/web/rootfs/defaults/meet.conf
+++ b/web/rootfs/defaults/meet.conf
@@ -22,6 +22,10 @@ add_header X-XSS-Protection "1; mode=block";
 add_header X-Jitsi-Shard {{ .Env.DEPLOYMENTINFO_SHARD }};
 {{ end }}
 
+{{ if not (.Env.ENABLE_FLOC | default "0" | toBool) }}
+add_header Permissions-Policy "interest-cohort=()";
+{{ end }}
+
 location = /config.js {
     alias /config/config.js;
 }