Commit 577966e9 authored by Lukas 'Eipi' Eipert's avatar Lukas 'Eipi' Eipert Committed by Natalia Tepluhina

Application setting for FloC participation (disabled by default)

parent c4ef6fee
...@@ -22,6 +22,7 @@ class ApplicationController < ActionController::Base ...@@ -22,6 +22,7 @@ class ApplicationController < ActionController::Base
include Gitlab::Logging::CloudflareHelper include Gitlab::Logging::CloudflareHelper
include Gitlab::Utils::StrongMemoize include Gitlab::Utils::StrongMemoize
include ::Gitlab::WithFeatureCategory include ::Gitlab::WithFeatureCategory
include FlocOptOut
before_action :authenticate_user!, except: [:route_not_found] before_action :authenticate_user!, except: [:route_not_found]
before_action :enforce_terms!, if: :should_enforce_terms? before_action :enforce_terms!, if: :should_enforce_terms?
......
# frozen_string_literal: true
module FlocOptOut
extend ActiveSupport::Concern
included do
after_action :set_floc_opt_out_header, unless: :floc_enabled?
end
def floc_enabled?
Gitlab::CurrentSettings.floc_enabled
end
def set_floc_opt_out_header
response.headers['Permissions-Policy'] = 'interest-cohort=()'
end
end
...@@ -233,6 +233,7 @@ module ApplicationSettingsHelper ...@@ -233,6 +233,7 @@ module ApplicationSettingsHelper
:external_pipeline_validation_service_token, :external_pipeline_validation_service_token,
:external_pipeline_validation_service_url, :external_pipeline_validation_service_url,
:first_day_of_week, :first_day_of_week,
:floc_enabled,
:force_pages_access_control, :force_pages_access_control,
:gitaly_timeout_default, :gitaly_timeout_default,
:gitaly_timeout_medium, :gitaly_timeout_medium,
......
...@@ -504,6 +504,9 @@ class ApplicationSetting < ApplicationRecord ...@@ -504,6 +504,9 @@ class ApplicationSetting < ApplicationRecord
validates :whats_new_variant, validates :whats_new_variant,
inclusion: { in: ApplicationSetting.whats_new_variants.keys } inclusion: { in: ApplicationSetting.whats_new_variants.keys }
validates :floc_enabled,
inclusion: { in: [true, false], message: _('must be a boolean value') }
attr_encrypted :asset_proxy_secret_key, attr_encrypted :asset_proxy_secret_key,
mode: :per_attribute_iv, mode: :per_attribute_iv,
key: Settings.attr_encrypted_db_key_base_truncated, key: Settings.attr_encrypted_db_key_base_truncated,
......
...@@ -77,6 +77,7 @@ module ApplicationSettingImplementation ...@@ -77,6 +77,7 @@ module ApplicationSettingImplementation
external_pipeline_validation_service_token: nil, external_pipeline_validation_service_token: nil,
external_pipeline_validation_service_url: nil, external_pipeline_validation_service_url: nil,
first_day_of_week: 0, first_day_of_week: 0,
floc_enabled: false,
gitaly_timeout_default: 55, gitaly_timeout_default: 55,
gitaly_timeout_fast: 10, gitaly_timeout_fast: 10,
gitaly_timeout_medium: 30, gitaly_timeout_medium: 30,
......
- expanded = integration_expanded?('floc_')
%section.settings.no-animate#js-floc-settings{ class: ('expanded' if expanded) }
.settings-header
%h4
= s_('FloC|Federated Learning of Cohorts')
%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
= expanded ? _('Collapse') : _('Expand')
%p
= s_('FloC|Configure whether you want to participate in FloC.').html_safe
= link_to sprite_icon('question-o'), 'https://github.com/WICG/floc', target: '_blank', class: 'has-tooltip', title: _('More information')
.settings-content
= form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-floc-settings'), html: { class: 'fieldset-form', id: 'floc-settings' } do |f|
= form_errors(@application_setting)
%fieldset
.form-group
.form-check
= f.check_box :floc_enabled, class: 'form-check-input'
= f.label :floc_enabled, s_('FloC|Enable FloC (Federated Learning of Cohorts)'), class: 'form-check-label'
= f.submit s_('Save changes'), class: 'gl-button btn btn-confirm'
...@@ -112,3 +112,4 @@ ...@@ -112,3 +112,4 @@
= render 'admin/application_settings/third_party_offers' = render 'admin/application_settings/third_party_offers'
= render 'admin/application_settings/snowplow' = render 'admin/application_settings/snowplow'
= render 'admin/application_settings/eks' = render 'admin/application_settings/eks'
= render 'admin/application_settings/floc'
---
title: Application setting for FloC participation (disabled by default)
merge_request: 60933
author:
type: added
# frozen_string_literal: true
class AddFlocApplicationSettings < ActiveRecord::Migration[6.0]
def change
add_column :application_settings, :floc_enabled, :boolean, default: false, null: false
end
end
9d1254393da80e0b1e387fba493f83f8775f0340f23c648e638a9983f965f5c9
\ No newline at end of file
...@@ -9513,6 +9513,7 @@ CREATE TABLE application_settings ( ...@@ -9513,6 +9513,7 @@ CREATE TABLE application_settings (
whats_new_variant smallint DEFAULT 0, whats_new_variant smallint DEFAULT 0,
encrypted_spam_check_api_key bytea, encrypted_spam_check_api_key bytea,
encrypted_spam_check_api_key_iv bytea, encrypted_spam_check_api_key_iv bytea,
floc_enabled boolean DEFAULT false NOT NULL,
CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)), CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)), CONSTRAINT app_settings_ext_pipeline_validation_service_url_text_limit CHECK ((char_length(external_pipeline_validation_service_url) <= 255)),
CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)), CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),
...@@ -88,6 +88,7 @@ Example response: ...@@ -88,6 +88,7 @@ Example response:
"rate_limiting_response_text": null, "rate_limiting_response_text": null,
"keep_latest_artifact": true, "keep_latest_artifact": true,
"admin_mode": false, "admin_mode": false,
"floc_enabled": false,
"external_pipeline_validation_service_timeout": null, "external_pipeline_validation_service_timeout": null,
"external_pipeline_validation_service_token": null, "external_pipeline_validation_service_token": null,
"external_pipeline_validation_service_url": null "external_pipeline_validation_service_url": null
......
...@@ -171,6 +171,7 @@ module API ...@@ -171,6 +171,7 @@ module API
optional :wiki_page_max_content_bytes, type: Integer, desc: "Maximum wiki page content size in bytes" optional :wiki_page_max_content_bytes, type: Integer, desc: "Maximum wiki page content size in bytes"
optional :require_admin_approval_after_user_signup, type: Boolean, desc: 'Require explicit admin approval for new signups' optional :require_admin_approval_after_user_signup, type: Boolean, desc: 'Require explicit admin approval for new signups'
optional :whats_new_variant, type: String, values: ApplicationSetting.whats_new_variants.keys, desc: "What's new variant, possible values: `all_tiers`, `current_tier`, and `disabled`." optional :whats_new_variant, type: String, values: ApplicationSetting.whats_new_variants.keys, desc: "What's new variant, possible values: `all_tiers`, `current_tier`, and `disabled`."
optional :floc_enabled, type: Grape::API::Boolean, desc: 'Enable FloC (Federated Learning of Cohorts)'
ApplicationSetting::SUPPORTED_KEY_TYPES.each do |type| ApplicationSetting::SUPPORTED_KEY_TYPES.each do |type|
optional :"#{type}_key_restriction", optional :"#{type}_key_restriction",
......
...@@ -14079,6 +14079,15 @@ msgstr "" ...@@ -14079,6 +14079,15 @@ msgstr ""
msgid "Flags" msgid "Flags"
msgstr "" msgstr ""
msgid "FloC|Configure whether you want to participate in FloC."
msgstr ""
msgid "FloC|Enable FloC (Federated Learning of Cohorts)"
msgstr ""
msgid "FloC|Federated Learning of Cohorts"
msgstr ""
msgid "FlowdockService|1b609b52537..." msgid "FlowdockService|1b609b52537..."
msgstr "" msgstr ""
......
...@@ -1027,4 +1027,44 @@ RSpec.describe ApplicationController do ...@@ -1027,4 +1027,44 @@ RSpec.describe ApplicationController do
get :index get :index
end end
end end
describe 'setting permissions-policy header' do
controller do
skip_before_action :authenticate_user!
def index
render html: 'It is a flock of sheep, not a floc of sheep.'
end
end
before do
routes.draw do
get 'index' => 'anonymous#index'
end
end
context 'with FloC enabled' do
before do
stub_application_setting floc_enabled: true
end
it 'does not set the Permissions-Policy header' do
get :index
expect(response.headers['Permissions-Policy']).to eq(nil)
end
end
context 'with FloC disabled' do
before do
stub_application_setting floc_enabled: false
end
it 'sets the Permissions-Policy header' do
get :index
expect(response.headers['Permissions-Policy']).to eq('interest-cohort=()')
end
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment