Remove FLoC handling

.changeset/friendly-eggs-cry.md

@@ -0,0 +1,5 @@
+---
+'@sveltejs/kit': patch
+---
+
+remove FLoC protection, now that we vanquished Google

documentation/docs/14-configuration.md

@@ -39,7 +39,6 @@ const config = {
 			serviceWorker: 'src/service-worker',
 			template: 'src/app.html'
 		},
-		floc: false,
 		inlineStyleThreshold: 0,
 		methodOverride: {
 			parameter: '_method',
@@ -167,18 +166,6 @@ An object containing zero or more of the following `string` values:
 - `serviceWorker` — the location of your service worker's entry point (see [Service workers](/docs/service-workers))
 - `template` — the location of the template for HTML responses
 
-### floc
-
-Google's [FLoC](https://github.com/WICG/floc) is a technology for targeted advertising that the [Electronic Frontier Foundation](https://www.eff.org/) has deemed [harmful](https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea) to user privacy. [Browsers other than Chrome](https://www.theverge.com/2021/4/16/22387492/google-floc-ad-tech-privacy-browsers-brave-vivaldi-edge-mozilla-chrome-safari) have declined to implement it.
-
-In common with services like [GitHub Pages](https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/), SvelteKit protects your users by automatically opting out of FLoC. It adds the following header to responses unless `floc` is `true`:
-
-```
-Permissions-Policy: interest-cohort=()
-```
-
-> This only applies to server-rendered responses — headers for prerendered pages (e.g. created with [adapter-static](https://github.com/sveltejs/kit/tree/master/packages/adapter-static)) are determined by the hosting platform.
-
 ### inlineStyleThreshold
 
 Inline CSS inside a `<style>` block at the head of the HTML. This option is a number that specifies the maximum length of a CSS file to be inlined. All CSS files needed for the page and smaller than this value are merged and inlined in a `<style>` block.

packages/kit/src/core/config/index.spec.js

@@ -79,7 +79,6 @@ const get_defaults = (prefix = '') => ({
 			serviceWorker: join(prefix, 'src/service-worker'),
 			template: join(prefix, 'src/app.html')
 		},
-		floc: false,
 		headers: undefined,
 		host: undefined,
 		hydrate: undefined,

packages/kit/src/core/config/options.js

@@ -130,8 +130,6 @@ const options = object(
 				template: string(join('src', 'app.html'))
 			}),
 
-			floc: boolean(false),
-
 			// TODO: remove this for the 1.0 release
 			headers: error(
 				(keypath) =>

packages/kit/src/runtime/server/page/render.js

@@ -300,10 +300,6 @@ export async function render_response({
 		headers.set('cache-control', `${is_private ? 'private' : 'public'}, max-age=${cache.maxage}`);
 	}
 
-	if (!options.floc) {
-		headers.set('permissions-policy', 'interest-cohort=()');
-	}
-
 	if (!state.prerendering) {
 		const csp_header = csp.get_header();
 		if (csp_header) {

packages/kit/src/vite/build/build_server.js

@@ -48,7 +48,6 @@ export class Server {
 		this.options = {
 			csp: ${s(config.kit.csp)},
 			dev: false,
-			floc: ${config.kit.floc},
 			get_stack: error => String(error), // for security
 			handle_error: (error, event) => {
 				this.options.hooks.handleError({

packages/kit/src/vite/dev/index.js

@@ -295,7 +295,6 @@ export async function dev(vite, svelte_config) {
 					{
 						csp: svelte_config.kit.csp,
 						dev: true,
-						floc: svelte_config.kit.floc,
 						get_stack: (error) => {
 							return fix_stack_trace(error);
 						},

packages/kit/test/apps/basics/test/test.js

@@ -1212,12 +1212,6 @@ test.describe('ETags', () => {
 });
 
 test.describe('Headers', () => {
-	test('disables floc by default', async ({ page }) => {
-		const response = await page.goto('/headers');
-		const headers = /** @type {Response} */ (response).headers();
-		expect(headers['permissions-policy']).toBe('interest-cohort=()');
-	});
-
 	test('allows headers to be sent as a Headers class instead of a POJO', async ({ page }) => {
 		await page.goto('/headers/class');
 		expect(await page.innerHTML('p')).toBe('bar');

packages/kit/test/apps/options/svelte.config.js

@@ -16,7 +16,6 @@ const config = {
 			serviceWorker: 'source/service-worker'
 		},
 		appDir: '_wheee',
-		floc: true,
 		inlineStyleThreshold: 1024,
 		outDir: '.custom-out-dir',
 		trailingSlash: 'always',

packages/kit/test/apps/options/test/test.js

@@ -132,14 +132,6 @@ test.describe('Custom extensions', () => {
 	});
 });
 
-test.describe('Headers', () => {
-	test('enables floc', async ({ page }) => {
-		const response = await page.goto('/path-base');
-		const headers = /** @type {Response} */ (response).headers();
-		expect(headers['permissions-policy']).toBeUndefined();
-	});
-});
-
 test.describe('trailingSlash', () => {
 	test('adds trailing slash', async ({ baseURL, page, clicknav }) => {
 		await page.goto('/path-base/slash');

packages/kit/types/index.d.ts

@@ -117,7 +117,6 @@ export interface KitConfig {
 		serviceWorker?: string;
 		template?: string;
 	};
-	floc?: boolean;
 	inlineStyleThreshold?: number;
 	methodOverride?: {
 		parameter?: string;

packages/kit/types/internal.d.ts

@@ -244,7 +244,6 @@ export type SSRNodeLoader = () => Promise<SSRNode>;
 export interface SSROptions {
 	csp: ValidatedConfig['kit']['csp'];
 	dev: boolean;
-	floc: boolean;
 	get_stack: (error: Error) => string | undefined;
 	handle_error(error: Error & { frame?: string }, event: RequestEvent): void;
 	hooks: Hooks;