Merge branch 'dcouture-floc-optout-beforeaction' into 'master'

Set floc opt out header before_action

See merge request gitlab-org/gitlab!82320

app/controllers/concerns/floc_opt_out.rb

@@ -4,7 +4,7 @@ module FlocOptOut
   extend ActiveSupport::Concern
 
   included do
-    after_action :set_floc_opt_out_header, unless: :floc_enabled?
+    before_action :set_floc_opt_out_header, unless: :floc_enabled?
   end
 
   def floc_enabled?

spec/controllers/application_controller_spec.rb

@@ -1059,15 +1059,25 @@ RSpec.describe ApplicationController do
   describe 'setting permissions-policy header' do
     controller do
       skip_before_action :authenticate_user!
+      before_action :redirect_to_example, only: [:redirect]
 
       def index
         render html: 'It is a flock of sheep, not a floc of sheep.'
       end
+
+      def redirect
+        raise 'Should not be reached'
+      end
+
+      def redirect_to_example
+        redirect_to('https://example.com')
+      end
     end
 
     before do
       routes.draw do
         get 'index' => 'anonymous#index'
+        get 'redirect' => 'anonymous#redirect'
       end
     end
 
@@ -1093,6 +1103,13 @@ RSpec.describe ApplicationController do
 
         expect(response.headers['Permissions-Policy']).to eq('interest-cohort=()')
       end
+
+      it 'sets the Permissions-Policy header even when redirected before_action' do
+        get :redirect
+
+        expect(response).to have_gitlab_http_status(:redirect)
+        expect(response.headers['Permissions-Policy']).to eq('interest-cohort=()')
+      end
     end
   end
 end