diff --git a/administrator/components/com_admin/sql/updates/mysql/3.9.27-2021-04-20.sql b/administrator/components/com_admin/sql/updates/mysql/3.9.27-2021-04-20.sql
new file mode 100644
index 0000000000000..42748f289e559
--- /dev/null
+++ b/administrator/components/com_admin/sql/updates/mysql/3.9.27-2021-04-20.sql
@@ -0,0 +1,3 @@
+INSERT INTO `#__postinstall_messages` (`extension_id`, `title_key`, `description_key`, `language_extension`, `language_client_id`, `type`, `version_introduced`, `enabled`)
+VALUES
+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);
diff --git a/administrator/components/com_admin/sql/updates/postgresql/3.9.27-2021-04-20.sql b/administrator/components/com_admin/sql/updates/postgresql/3.9.27-2021-04-20.sql
new file mode 100644
index 0000000000000..c34c3ad0be557
--- /dev/null
+++ b/administrator/components/com_admin/sql/updates/postgresql/3.9.27-2021-04-20.sql
@@ -0,0 +1,3 @@
+INSERT INTO "#__postinstall_messages" ("extension_id", "title_key", "description_key", "language_extension", "language_client_id", "type", "version_introduced", "enabled")
+VALUES
+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);
diff --git a/administrator/components/com_admin/sql/updates/sqlazure/3.9.27-2021-04-20.sql b/administrator/components/com_admin/sql/updates/sqlazure/3.9.27-2021-04-20.sql
new file mode 100644
index 0000000000000..8b9b981e1f75a
--- /dev/null
+++ b/administrator/components/com_admin/sql/updates/sqlazure/3.9.27-2021-04-20.sql
@@ -0,0 +1,3 @@
+INSERT INTO [#__postinstall_messages] ([extension_id], [title_key], [description_key], [language_extension], [language_client_id], [type], [version_introduced], [enabled])
+VALUES
+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', 'com_admin', 1, 'message', '3.9.27', 1);
diff --git a/administrator/components/com_config/model/form/application.xml b/administrator/components/com_config/model/form/application.xml
index 8d5b40ad54a17..6c6cc0a685da2 100644
--- a/administrator/components/com_config/model/form/application.xml
+++ b/administrator/components/com_config/model/form/application.xml
@@ -1208,6 +1208,19 @@ + + + + +
here and here. Starting with Joomla! 3.9.27 your website blocks this technology, you can re-allow it from the Global Configuration. Additionally to disable this technology for all requests to your server, you have to update your .htaccess."
+COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE="Block Federated Learning of Cohorts (FLoC)"
 COM_ADMIN_POSTINSTALL_MSG_HTACCESS_AUTOINDEX_DESCRIPTION="

Before 3.9.22 the default htaccess.txt file contained erroneous code meant for disabling directory listings. The security team recommends to manually apply the necessary changes to any existing .htaccess file, as this file can not be updated automatically.

The old code:

<IfModule autoindex>\n  IndexIgnore *\n</IfModule>

The new code:

<IfModule mod_autoindex.c>\n  IndexIgnore *\n</IfModule>
"
 COM_ADMIN_POSTINSTALL_MSG_HTACCESS_AUTOINDEX_TITLE=".htaccess Update Concerning Directory Listings"
 COM_ADMIN_REGISTER_GLOBALS="Register Globals"
diff --git a/administrator/language/en-GB/en-GB.com_config.ini b/administrator/language/en-GB/en-GB.com_config.ini
index 846e2714dad56..372e2ffeeb81c 100644
--- a/administrator/language/en-GB/en-GB.com_config.ini
+++ b/administrator/language/en-GB/en-GB.com_config.ini
@@ -93,6 +93,8 @@ COM_CONFIG_FIELD_FILTERS_CUSTOM_BLACK_LIST="Custom Blacklist"
 COM_CONFIG_FIELD_FILTERS_NO_HTML="No HTML"
 COM_CONFIG_FIELD_FILTERS_NO_FILTER="No Filtering"
 COM_CONFIG_FIELD_FILTERS_WHITE_LIST="Whitelist"
+COM_CONFIG_FIELD_FLOC_BLOCKER_DESC="Send a header to not support the tracking through the FLoC method."
+COM_CONFIG_FIELD_FLOC_BLOCKER_LABEL="Block FLoC"
 COM_CONFIG_FRONTEDITING_DESC="Select if you want inline editing for modules and menu items (support may depend on your template)."
 COM_CONFIG_FRONTEDITING_LABEL="Inline Editing"
 COM_CONFIG_FRONTEDITING_MENUSANDMODULES="Modules & Menus"
diff --git a/htaccess.txt b/htaccess.txt
index 25b89f65cccda..8c1963cbc020f 100644
--- a/htaccess.txt
+++ b/htaccess.txt
@@ -24,6 +24,13 @@
 ## Suppress mime type detection in browsers for unknown types
 Header always set X-Content-Type-Options "nosniff"
+##
+# Disable Federated Learning of Cohorts (FLoC)
+# If you uncomment the below directive you have to allow this technology in the
+# Global Configuration of Joomla. Read more about this in the Post-Installation
+# message in the backend.
+##
+# Header always set Permissions-Policy "interest-cohort=()"
 ## Can be commented out if causes errors, see notes above.
diff --git a/installation/sql/mysql/joomla.sql b/installation/sql/mysql/joomla.sql
index 841691426b1f5..c49be68099244 100644
--- a/installation/sql/mysql/joomla.sql
+++ b/installation/sql/mysql/joomla.sql
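Review bot: The suggested `Header always set Permissions-Policy "interest-cohort=()"` uses `set`, which replaces the whole header value, so any other Permissions-Policy directives the site emits (for example a camera or geolocation allowlist added by an extension) would be dropped on every response once an administrator uncomments it. `# Header always merge Permissions-Policy "interest-cohort=()"` keeps an existing header and only adds the token when it is not already in the comma-separated list, which is what this directive's syntax expects. Whether the `always` table even sees the header emitted by PHP depends on the SAPI in use, which may be why the comment tells admins to disable the Joomla setting; that reason is worth stating in the comment, e.g. `# "set" overwrites any Permissions-Policy header PHP already sent; use "merge" to keep other directives`.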
@@ -1675,7 +1675,8 @@ INSERT INTO `#__postinstall_messages` (`extension_id`, `title_key`, `description
 (700, 'TPL_HATHOR_MESSAGE_POSTINSTALL_TITLE', 'TPL_HATHOR_MESSAGE_POSTINSTALL_BODY', 'TPL_HATHOR_MESSAGE_POSTINSTALL_ACTION', 'tpl_hathor', 1, 'action', 'admin://templates/hathor/postinstall/hathormessage.php', 'hathormessage_postinstall_action', 'admin://templates/hathor/postinstall/hathormessage.php', 'hathormessage_postinstall_condition', '3.7.0', 1),
 (700, 'PLG_PLG_RECAPTCHA_VERSION_1_POSTINSTALL_TITLE', 'PLG_PLG_RECAPTCHA_VERSION_1_POSTINSTALL_BODY', 'PLG_PLG_RECAPTCHA_VERSION_1_POSTINSTALL_ACTION', 'plg_captcha_recaptcha', 1, 'action', 'site://plugins/captcha/recaptcha/postinstall/actions.php', 'recaptcha_postinstall_action', 'site://plugins/captcha/recaptcha/postinstall/actions.php', 'recaptcha_postinstall_condition', '3.8.6', 1),
 (700, 'COM_ACTIONLOGS_POSTINSTALL_TITLE', 'COM_ACTIONLOGS_POSTINSTALL_BODY', '', 'com_actionlogs', 1, 'message', '', '', '', '', '3.9.0', 1),
-(700, 'COM_PRIVACY_POSTINSTALL_TITLE', 'COM_PRIVACY_POSTINSTALL_BODY', '', 'com_privacy', 1, 'message', '', '', '', '', '3.9.0', 1);
+(700, 'COM_PRIVACY_POSTINSTALL_TITLE', 'COM_PRIVACY_POSTINSTALL_BODY', '', 'com_privacy', 1, 'message', '', '', '', '', '3.9.0', 1),
+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', '', 'com_admin', 1, 'message', '', '', '', '', '3.9.27', 1);
 -- --------------------------------------------------------
diff --git a/installation/sql/postgresql/joomla.sql b/installation/sql/postgresql/joomla.sql
index e8535c5dcdf8e..1ea2ae2d3d724 100644
--- a/installation/sql/postgresql/joomla.sql
+++ b/installation/sql/postgresql/joomla.sql
@@ -1657,7 +1657,8 @@ INSERT INTO "#__postinstall_messages" ("extension_id", "title_key", "description
 (700, 'TPL_HATHOR_MESSAGE_POSTINSTALL_TITLE', 'TPL_HATHOR_MESSAGE_POSTINSTALL_BODY', 'TPL_HATHOR_MESSAGE_POSTINSTALL_ACTION', 'tpl_hathor', 1, 'action', 'admin://templates/hathor/postinstall/hathormessage.php', 'hathormessage_postinstall_action', 'admin://templates/hathor/postinstall/hathormessage.php', 'hathormessage_postinstall_condition', '3.7.0', 1),
 (700, 'PLG_PLG_RECAPTCHA_VERSION_1_POSTINSTALL_TITLE', 'PLG_PLG_RECAPTCHA_VERSION_1_POSTINSTALL_BODY', 'PLG_PLG_RECAPTCHA_VERSION_1_POSTINSTALL_ACTION', 'plg_captcha_recaptcha', 1, 'action', 'site://plugins/captcha/recaptcha/postinstall/actions.php', 'recaptcha_postinstall_action', 'site://plugins/captcha/recaptcha/postinstall/actions.php', 'recaptcha_postinstall_condition', '3.8.6', 1),
 (700, 'COM_ACTIONLOGS_POSTINSTALL_TITLE', 'COM_ACTIONLOGS_POSTINSTALL_BODY', '', 'com_actionlogs', 1, 'message', '', '', '', '', '3.9.0', 1),
-(700, 'COM_PRIVACY_POSTINSTALL_TITLE', 'COM_PRIVACY_POSTINSTALL_BODY', '', 'com_privacy', 1, 'message', '', '', '', '', '3.9.0', 1);
+(700, 'COM_PRIVACY_POSTINSTALL_TITLE', 'COM_PRIVACY_POSTINSTALL_BODY', '', 'com_privacy', 1, 'message', '', '', '', '', '3.9.0', 1),
+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', '', 'com_admin', 1, 'message', '', '', '', '', '3.9.27', 1);
 --
 -- Table structure for table `#__privacy_requests`
diff --git a/installation/sql/sqlazure/joomla.sql b/installation/sql/sqlazure/joomla.sql
index fb4c88e3e406f..e984c8c6d9fb3 100644
--- a/installation/sql/sqlazure/joomla.sql
+++ b/installation/sql/sqlazure/joomla.sql
@@ -2372,7 +2372,8 @@ INSERT INTO "#__postinstall_messages" ("extension_id", "title_key", "description
 (700, 'TPL_HATHOR_MESSAGE_POSTINSTALL_TITLE', 'TPL_HATHOR_MESSAGE_POSTINSTALL_BODY', 'TPL_HATHOR_MESSAGE_POSTINSTALL_ACTION', 'tpl_hathor', 1, 'action', 'admin://templates/hathor/postinstall/hathormessage.php', 'hathormessage_postinstall_action', 'admin://templates/hathor/postinstall/hathormessage.php', 'hathormessage_postinstall_condition', '3.7.0', 1),
 (700, 'PLG_PLG_RECAPTCHA_VERSION_1_POSTINSTALL_TITLE', 'PLG_PLG_RECAPTCHA_VERSION_1_POSTINSTALL_BODY', 'PLG_PLG_RECAPTCHA_VERSION_1_POSTINSTALL_ACTION', 'plg_captcha_recaptcha', 1, 'action', 'site://plugins/captcha/recaptcha/postinstall/actions.php', 'recaptcha_postinstall_action', 'site://plugins/captcha/recaptcha/postinstall/actions.php', 'recaptcha_postinstall_condition', '3.8.6', 1),
 (700, 'COM_ACTIONLOGS_POSTINSTALL_TITLE', 'COM_ACTIONLOGS_POSTINSTALL_BODY', '', 'com_actionlogs', 1, 'message', '', '', '', '', '3.9.0', 1),
-(700, 'COM_PRIVACY_POSTINSTALL_TITLE', 'COM_PRIVACY_POSTINSTALL_BODY', '', 'com_privacy', 1, 'message', '', '', '', '', '3.9.0', 1);
+(700, 'COM_PRIVACY_POSTINSTALL_TITLE', 'COM_PRIVACY_POSTINSTALL_BODY', '', 'com_privacy', 1, 'message', '', '', '', '', '3.9.0', 1),
+(700, 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_TITLE', 'COM_ADMIN_POSTINSTALL_MSG_FLOC_BLOCKER_DESCRIPTION', '', 'com_admin', 1, 'message', '', '', '', '', '3.9.27', 1);
 --
 -- Table structure for table `#__privacy_requests`
diff --git a/libraries/src/Application/CMSApplication.php b/libraries/src/Application/CMSApplication.php
index ea6b65c45909a..521a7a438efad 100644
--- a/libraries/src/Application/CMSApplication.php
+++ b/libraries/src/Application/CMSApplication.php
@@ -209,6 +209,34 @@ public function execute()
 $this->render();
 }
+ if ($this->get('block_floc', 1))
+ {
+ $headers = $this->getHeaders();
+
+ $notPresent = true;
+
+ foreach ($headers as $header)
+ {
+ if (strtolower($header['name']) === 'permissions-policy')
+ {
+ // Append interest-cohort if the Permissions-Policy is not set
+ if (strpos($header['value'], 'interest-cohort') === false)
+ {
+ $this->setHeader('Permissions-Policy', $header['value'] . ', interest-cohort=()', true);
+ }
+
+ $notPresent = false;
+
+ break;
+ }
+ }
+
+ if ($notPresent)
+ {
+ $this->setHeader('Permissions-Policy', 'interest-cohort=()');
+ }
+ }
+
 // If gzip compression is enabled in configuration and the server is compliant, compress the output.
 if ($this->get('gzip') && !ini_get('zlib.output_compression') && ini_get('output_handler') !== 'ob_gzhandler')
 {
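Review bot: The `strpos($header['value'], 'interest-cohort') === false` check treats any existing `interest-cohort` directive as already blocking, so a `Permissions-Policy: interest-cohort=(self)` or `interest-cohort=*` header emitted earlier by a template or plugin is left untouched and the "Block FLoC" setting silently does nothing for that response. Since the option exists to decide what the site sends, the existing directive should be stripped and replaced rather than merely detected: replace the inner `if` block with `$value = trim(preg_replace('/(^|,)\s*interest-cohort=[^,]*/i', '', $header['value']), ', ');` followed by `$this->setHeader('Permissions-Policy', ($value === '' ? '' : $value . ', ') . 'interest-cohort=()', true);`. The comment `// Append interest-cohort if the Permissions-Policy is not set` is also inverted, as this branch runs when the header is present; `// A Permissions-Policy header already exists: add the blocking directive to it` would match the code. `execute()` begins and ends outside this hunk, so whether any output has already been flushed by the time these headers are set cannot be judged here.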