Laravel Disable Floc Laravel Package
spatie/laravel-disable-floc
Automatically disables Google’s FLoC in Laravel apps by adding a Permissions-Policy header. Installs via Composer and works out of the box—no configuration needed. Applies the header to responses that don’t already set Permissions-Policy.
Getting Started
Minimal Setup
-
Installation:
composer require spatie/laravel-disable-flocThe package auto-discovers Laravel 5.5+ and requires no manual registration.
-
First Use Case:
- Immediately disables FLoC for all users by default. No configuration is needed out of the box.
- Verify via browser DevTools (Network tab) that the
Permissions-Policyheader includesinterest-cohort=():Permissions-Policy: interest-cohort=(), geolocation=()
-
Where to Look First:
- README for core functionality.
config/floc.php(auto-generated) for customization options.
Implementation Patterns
Core Workflow
-
Default Behavior:
- Automatically injects
interest-cohort=()into thePermissions-Policyheader via Laravel’s middleware stack. - Works globally across all routes unless overridden.
- Automatically injects
-
Conditional Disabling:
// Disable FLoC only for specific routes Route::middleware(['web', DisableFloc::class])->group(function () { // Routes where FLoC is disabled }); -
Dynamic Control:
- Use middleware to conditionally disable FLoC per request:
public function handle(Request $request, Closure $next) { if ($request->user()->shouldDisableFloc()) { app(DisableFloc::class)->disable(); } return $next($request); }
- Use middleware to conditionally disable FLoC per request:
-
Integration with Existing Headers:
- Extend the
Permissions-Policyheader without conflicts:// In AppServiceProvider boot() $this->app[DisableFloc::class]->addToHeader('geolocation=()');
- Extend the
Advanced Patterns
-
Custom Headers:
// Disable FLoC and add CHIPs header DisableFloc::addToHeader('interest-cohort=(), ch-ip-lookup=()'); -
Middleware Stacking: Combine with other Spatie middleware (e.g.,
spatie/laravel-activitylog) for layered privacy controls.
Gotchas and Tips
Pitfalls
-
Header Conflicts:
- If another package modifies
Permissions-Policy, ensureinterest-cohort=()isn’t overridden. UseDisableFloc::addToHeader()to append safely.
- If another package modifies
-
Caching Headers:
- FLoC headers may be cached by proxies/CDNs. Test with
Cache-Control: no-cacheto verify real-time changes.
- FLoC headers may be cached by proxies/CDNs. Test with
-
Laravel Version:
- Requires Laravel 5.5+. For older versions, manually register the middleware in
app/Http/Kernel.php:protected $middleware = [ // ... \Spatie\DisableFloc\Middleware\DisableFloc::class, ];
- Requires Laravel 5.5+. For older versions, manually register the middleware in
Debugging
-
Verify Headers: Use
dd($request->headers->get('Permissions-Policy'))in a middleware to inspect the header. -
Disable for Testing: Temporarily disable the package in
config/floc.php:'enabled' => env('DISABLE_FLOC_TESTING', false),
Extension Points
-
Custom Logic: Override the default header logic by publishing the config:
php artisan vendor:publish --provider="Spatie\DisableFloc\DisableFlocServiceProvider"Then modify
config/floc.phpto include custom conditions. -
Event-Based Control: Listen for
floc.disabledevents to react to FLoC changes:event(new FLoCDisabled($request)); -
Conditional Middleware: Dynamically enable/disable via a service:
app(DisableFloc::class)->disable(); // Disable for current request app(DisableFloc::class)->enable(); // Re-enable
How can I help you explore Laravel packages today?