Saptak's Blog Posts
Progressive Enhancement is not anti-JavaScript
Posted: 2022-05-21T02:18:32+05:30Yesterday, I came across a tweet by Sara Soueidan, which resonated with me. Mostly because I have had this discussion (or heated arguments) quite a few times with many folks. Please go and read her tweet thread since she mentions some really great points about why progressive enhancement is not anti-js. As someone who cares about security, privacy, and accessibility, I have always been an advocate of progressive enhancement. I always believe that a website (or any web-based solution) should be accessible even without JavaScript in the browser. And more often than not, people take me as someone who is anti-JavaScript. Well, let me explain with the help (a lot of help) of resources already created by other brilliant folks.
Read moreThere is a lot more to autocomplete than you think
Posted: 2022-05-08T16:00:45+05:30Anyone who has dealt with <form> tag in HTML might have come across the autocomplete attribute. Most developers just put autocomplete="on" or autocomplete="off" based on whether they want users to be able to autocomplete the form fields or not. But there's much more in the autocomplete attribute than many folks may know.
Opting out of Google FLoC network
Posted: 2021-04-19T15:56:31+05:30Recently, Google announced their new ad-tracking and surveillance tool called Federated Learning of Cohorts (FLoC). This is a new alternative to the third-party cookie tracking that is otherwise widely used for advertising business.
EFF has written more about the issues with using Google FLoC and also created a website where you can test if you are already a victim of their FLoC tests.
Google will track any user visiting your website even if it doesn't have Google analytics or any other services related to Google. One easy way for users visiting websites to opt out of this is to not use Google Chrome and use browsers like Firefox, etc. However, website maintainers can also help against this new tracking technology by opting out of the FLoC network.
Permissions-Policy Header
So the main way of opting out of this surveillance technology is to add a HTTP response header to their websites.
The HTTP response header is
Permissions-Policy: interest-cohort()
The FLoC technology uses interest-cohort to check for an allowlist. By default, everything is allowed as long as the user is visiting from a browser which supports InterestCohort API. However, by mentioning interest-cohort() in the Permissions-Policy header, the website is opting out from allowing any origin (including the current page) from being tracked using FLoC. Hence the FLoC feature is turned off for the website, even if the user is visiting your website from a Google Chrome browser.
NGINX
To add the above header, go to your nginx configuration file and add the following inside the server block:
server {
...
add_header Permissions-Policy "interest-cohort=()";
...
}
If you have different nginx confs for multiple websites running via nginx, you have to do the above in all the server blocks or nginx configuration files.
Then run nginx -t to test that everything is correct in your updated nginx configuration.
Then, restart nginx by running the command service nginx restart (or any other command that you might use based on your OS to restart nginx)
If you are using any other web server or proxy server, you can check this link: https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network