web: add FLoC environment variable

ENABLE_FLOC, defaulting to false.

docker-compose.yml

@@ -13,6 +13,7 @@ services:
             - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
         environment:
             - ENABLE_COLIBRI_WEBSOCKET
+            - ENABLE_FLOC
             - ENABLE_LETSENCRYPT
             - ENABLE_HTTP_REDIRECT
             - ENABLE_HSTS

env.example

@@ -357,6 +357,10 @@ JIBRI_LOGS_DIR=/config/logs
 # Disable HTTPS: handle TLS connections outside of this setup
 #DISABLE_HTTPS=1
 
+# Enable FLoC
+# Opt-In to Federated Learning of Cohorts tracking
+#ENABLE_FLOC=0
+
 # Redirect HTTP traffic to HTTPS
 # Necessary for Let's Encrypt, relies on standard HTTPS port (443)
 #ENABLE_HTTP_REDIRECT=1

web/rootfs/defaults/meet.conf

@@ -22,6 +22,10 @@ add_header X-XSS-Protection "1; mode=block";
 add_header X-Jitsi-Shard {{ .Env.DEPLOYMENTINFO_SHARD }};
 {{ end }}
 
+{{ if not (.Env.ENABLE_FLOC | default "0" | toBool) }}
+add_header Permissions-Policy "interest-cohort=()";
+{{ end }}
+
 location = /config.js {
     alias /config/config.js;
 }