From 6142d9f3aa6519fd62883d561396f7102a9d5494 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Zaera=20Avell=C3=B3n?= <ivan.zaera@liferay.com>
Date: Fri, 28 Nov 2025 12:40:56 +0100
Subject: [PATCH 1/3] LPD-72782 Create a configuration to remove client's IP
 from Liferay object

---
 .../LiferayGlobalObjectConfiguration.java     | 32 +++++++++++
 ...ferayGlobalObjectPreAUIDynamicInclude.java | 54 +++++++++++++++++--
 .../resources/content/Language.properties     |  3 ++
 3 files changed, 85 insertions(+), 4 deletions(-)
 create mode 100644 modules/apps/frontend-js/frontend-js-web/src/main/java/com/liferay/frontend/js/web/internal/configuration/LiferayGlobalObjectConfiguration.java

diff --git a/modules/apps/frontend-js/frontend-js-web/src/main/java/com/liferay/frontend/js/web/internal/configuration/LiferayGlobalObjectConfiguration.java b/modules/apps/frontend-js/frontend-js-web/src/main/java/com/liferay/frontend/js/web/internal/configuration/LiferayGlobalObjectConfiguration.java
new file mode 100644
index 00000000000000..b5aabd9dacb794
--- /dev/null
+++ b/modules/apps/frontend-js/frontend-js-web/src/main/java/com/liferay/frontend/js/web/internal/configuration/LiferayGlobalObjectConfiguration.java
@@ -0,0 +1,32 @@
+/**
+ * SPDX-FileCopyrightText: (c) 2025 Liferay, Inc. https://liferay.com
+ * SPDX-License-Identifier: LGPL-2.1-or-later OR LicenseRef-Liferay-DXP-EULA-2.0.0-2023-06
+ */
+
+package com.liferay.frontend.js.web.internal.configuration;
+
+import aQute.bnd.annotation.metatype.Meta;
+
+import com.liferay.portal.configuration.metatype.annotations.ExtendedObjectClassDefinition;
+
+/**
+ * @author Iván Zaera Avellón
+ */
+@ExtendedObjectClassDefinition(
+	category = "infrastructure",
+	scope = ExtendedObjectClassDefinition.Scope.COMPANY, strictScope = true
+)
+@Meta.OCD(
+	id = "com.liferay.frontend.js.web.internal.configuration.LiferayGlobalObjectConfiguration",
+	localization = "content/Language",
+	name = "liferay-global-object-configuration-name"
+)
+public interface LiferayGlobalObjectConfiguration {
+
+	@Meta.AD(
+		deflt = "false", description = "disable-get-remote-methods-help",
+		name = "disable-get-remote-methods", required = false
+	)
+	public boolean disableGetRemoteMethods();
+
+}
\ No newline at end of file
diff --git a/modules/apps/frontend-js/frontend-js-web/src/main/java/com/liferay/frontend/js/web/internal/servlet/taglib/LiferayGlobalObjectPreAUIDynamicInclude.java b/modules/apps/frontend-js/frontend-js-web/src/main/java/com/liferay/frontend/js/web/internal/servlet/taglib/LiferayGlobalObjectPreAUIDynamicInclude.java
index fa527e78f63680..76e40fc5e8abb7 100644
--- a/modules/apps/frontend-js/frontend-js-web/src/main/java/com/liferay/frontend/js/web/internal/servlet/taglib/LiferayGlobalObjectPreAUIDynamicInclude.java
+++ b/modules/apps/frontend-js/frontend-js-web/src/main/java/com/liferay/frontend/js/web/internal/servlet/taglib/LiferayGlobalObjectPreAUIDynamicInclude.java
@@ -6,11 +6,14 @@
 package com.liferay.frontend.js.web.internal.servlet.taglib;
 
 import com.liferay.exportimport.kernel.staging.Staging;
+import com.liferay.frontend.js.web.internal.configuration.LiferayGlobalObjectConfiguration;
 import com.liferay.layout.seo.kernel.LayoutSEOLink;
 import com.liferay.layout.seo.kernel.LayoutSEOLinkManager;
 import com.liferay.petra.string.CharPool;
 import com.liferay.petra.string.StringBundler;
 import com.liferay.petra.string.StringPool;
+import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil;
+import com.liferay.portal.configuration.module.configuration.ConfigurationProvider;
 import com.liferay.portal.kernel.content.security.policy.ContentSecurityPolicyNonceProviderUtil;
 import com.liferay.portal.kernel.exception.PortalException;
 import com.liferay.portal.kernel.feature.flag.FeatureFlag;
@@ -23,6 +26,7 @@
 import com.liferay.portal.kernel.model.LayoutTypePortlet;
 import com.liferay.portal.kernel.model.User;
 import com.liferay.portal.kernel.model.impl.VirtualLayout;
+import com.liferay.portal.kernel.module.configuration.ConfigurationException;
 import com.liferay.portal.kernel.security.auth.AuthToken;
 import com.liferay.portal.kernel.security.permission.ActionKeys;
 import com.liferay.portal.kernel.service.permission.LayoutPermission;
@@ -63,6 +67,7 @@
 import java.text.Format;
 import java.text.SimpleDateFormat;
 
+import java.util.Collections;
 import java.util.Locale;
 import java.util.Map;
 import java.util.TimeZone;
@@ -87,6 +92,9 @@ public void include(
 			HttpServletResponse httpServletResponse, String key)
 		throws IOException {
 
+		LiferayGlobalObjectConfiguration liferayGlobalObjectConfiguration =
+			_getLiferayGlobalObjectConfiguration(httpServletRequest);
+
 		PrintWriter printWriter = httpServletResponse.getWriter();
 
 		printWriter.print("<script");
@@ -107,7 +115,8 @@ public void include(
 			_renderLiferayPortlet(sb);
 			_renderLiferayPortletKeys(sb);
 			_renderLiferayPropsValues(httpServletRequest, sb);
-			_renderLiferayThemeDisplay(httpServletRequest, sb);
+			_renderLiferayThemeDisplay(
+				httpServletRequest, liferayGlobalObjectConfiguration, sb);
 			_renderLiferayUtil(sb);
 
 			_renderValue(
@@ -210,6 +219,35 @@ else if (dayIndex < monthIndex) {
 		return dateFormatPattern;
 	}
 
+	private LiferayGlobalObjectConfiguration
+		_getLiferayGlobalObjectConfiguration(
+			HttpServletRequest httpServletRequest) {
+
+		LiferayGlobalObjectConfiguration liferayGlobalObjectConfiguration;
+
+		long companyId = _portal.getCompanyId(httpServletRequest);
+
+		try {
+			liferayGlobalObjectConfiguration =
+				_configurationProvider.getCompanyConfiguration(
+					LiferayGlobalObjectConfiguration.class, companyId);
+		}
+		catch (ConfigurationException configurationException) {
+			if (_log.isWarnEnabled()) {
+				_log.warn(
+					"Using default configuration for company " + companyId,
+					configurationException);
+			}
+
+			liferayGlobalObjectConfiguration =
+				ConfigurableUtil.createConfigurable(
+					LiferayGlobalObjectConfiguration.class,
+					Collections.emptyMap());
+		}
+
+		return liferayGlobalObjectConfiguration;
+	}
+
 	private void _renderLiferayAUI(
 		HttpServletRequest httpServletRequest, StringBundler sb) {
 
@@ -499,7 +537,9 @@ private void _renderLiferayPropsValues(
 	}
 
 	private void _renderLiferayThemeDisplay(
-			HttpServletRequest httpServletRequest, StringBundler sb)
+			HttpServletRequest httpServletRequest,
+			LiferayGlobalObjectConfiguration liferayGlobalObjectConfiguration,
+			StringBundler sb)
 		throws PortalException {
 
 		sb.append("ThemeDisplay: {\n");
@@ -581,8 +621,11 @@ private void _renderLiferayThemeDisplay(
 		_renderMethod("getPlid", sb, themeDisplay.getPlid());
 		_renderMethod("getPortalURL", sb, themeDisplay.getPortalURL());
 		_renderMethod("getRealUserId", sb, themeDisplay.getRealUserId());
-		_renderMethod("getRemoteAddr", sb, themeDisplay.getRemoteAddr());
-		_renderMethod("getRemoteHost", sb, themeDisplay.getRemoteHost());
+
+		if (!liferayGlobalObjectConfiguration.disableGetRemoteMethods()) {
+			_renderMethod("getRemoteAddr", sb, themeDisplay.getRemoteAddr());
+			_renderMethod("getRemoteHost", sb, themeDisplay.getRemoteHost());
+		}
 
 		Group scopeGroup = themeDisplay.getScopeGroup();
 
@@ -751,6 +794,9 @@ else if (value instanceof String) {
 	@Reference
 	private AuthToken _authToken;
 
+	@Reference
+	private ConfigurationProvider _configurationProvider;
+
 	private final Map<Locale, String> _displayNames = new ConcurrentHashMap<>();
 
 	@Reference
diff --git a/modules/apps/portal-language/portal-language-lang/src/main/resources/content/Language.properties b/modules/apps/portal-language/portal-language-lang/src/main/resources/content/Language.properties
index 9fbef4107c7273..6cca39ab41bb8f 100644
--- a/modules/apps/portal-language/portal-language-lang/src/main/resources/content/Language.properties
+++ b/modules/apps/portal-language/portal-language-lang/src/main/resources/content/Language.properties
@@ -6224,6 +6224,8 @@ disable-as-a-collection-provider-help=Disabling this as a collection provider wi
 disable-caching=Disable Caching
 disable-document-recording=Disable Document Recording
 disable-forwarding=Disable Forwarding
+disable-get-remote-methods=Disable getRemoteAddr() and getRemoteHost() methods
+disable-get-remote-methods-help=If checked, the methods getRemoteAddr() and getRemoteHost() will be undefined within the Liferay.ThemeDisplay global object. This configuration is primarily implemented to mitigate privacy risks by avoiding the exposure of client IP/host information and to optimize performance by allowing public caching of pages for unauthenticated users. Note that checking this option will make custom code that relies on these methods fail.
 disable-globally=Disable Multi-Factor Authentication
 disable-globally-description=Disable multi-factor authentication system-wide.
 disable-inheritance-confirmation=Disable Inheritance Confirmation
@@ -10783,6 +10785,7 @@ licenses-registered=Licenses Registered
 liferay=Liferay
 liferay-analytics-key=Liferay Analytics Key
 liferay-dxp-instance-has-to-be-connected-with-analytics-cloud-to-view-content-performance-metrics-and-build-a-successful-content-strategy=In order to view content performance metrics and build a successful content strategy, your Liferay DXP instance has to be connected with Liferay Analytics Cloud.
+liferay-global-object-configuration-name=Liferay Global Object
 liferay-has-failed-to-connect-to-the-ldap-server=Liferay has failed to connect to the LDAP server. Please check your configuration and verify that the LDAP server is running.
 liferay-has-failed-to-connect-to-the-opensso-server=Liferay has failed to connect to the OpenSSO server. Please check your configuration and verify that the OpenSSO server is running.
 liferay-has-failed-to-connect-to-the-opensso-services=Liferay has failed to connect to the OpenSSO services. Please verify that the OpenSSO services are running.

From 533ebee09c1c245a22c1fd012326bbd705bbe4ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Zaera=20Avell=C3=B3n?= <ivan.zaera@liferay.com>
Date: Fri, 28 Nov 2025 13:24:23 +0100
Subject: [PATCH 2/3] LPD-72782 Fix and improve test

---
 .../taglib/dependencies/liferay.js.tpl        |   2 +-
 ...yGlobalObjectPreAUIDynamicIncludeTest.java | 191 ++++++++++++++----
 .../taglib/dependencies/liferay_test.js.tpl   |   1 -
 3 files changed, 154 insertions(+), 40 deletions(-)

diff --git a/modules/apps/frontend-js/frontend-js-web/src/main/resources/com/liferay/frontend/js/web/internal/servlet/taglib/dependencies/liferay.js.tpl b/modules/apps/frontend-js/frontend-js-web/src/main/resources/com/liferay/frontend/js/web/internal/servlet/taglib/dependencies/liferay.js.tpl
index 5c270b37924256..cbbaa4cbeb6d0e 100644
--- a/modules/apps/frontend-js/frontend-js-web/src/main/resources/com/liferay/frontend/js/web/internal/servlet/taglib/dependencies/liferay.js.tpl
+++ b/modules/apps/frontend-js/frontend-js-web/src/main/resources/com/liferay/frontend/js/web/internal/servlet/taglib/dependencies/liferay.js.tpl
@@ -42,7 +42,7 @@
 
 				merge(target[key], source[key]);
 			}
-else {
+			else {
 				Object.assign(target, { [key]: source[key] });
 			}
 		}
diff --git a/modules/apps/frontend-js/frontend-js-web/src/test/java/com/liferay/frontend/js/web/internal/servlet/taglib/LiferayGlobalObjectPreAUIDynamicIncludeTest.java b/modules/apps/frontend-js/frontend-js-web/src/test/java/com/liferay/frontend/js/web/internal/servlet/taglib/LiferayGlobalObjectPreAUIDynamicIncludeTest.java
index b9adb4b72aa237..929a9c7ef02765 100644
--- a/modules/apps/frontend-js/frontend-js-web/src/test/java/com/liferay/frontend/js/web/internal/servlet/taglib/LiferayGlobalObjectPreAUIDynamicIncludeTest.java
+++ b/modules/apps/frontend-js/frontend-js-web/src/test/java/com/liferay/frontend/js/web/internal/servlet/taglib/LiferayGlobalObjectPreAUIDynamicIncludeTest.java
@@ -6,10 +6,13 @@
 package com.liferay.frontend.js.web.internal.servlet.taglib;
 
 import com.liferay.exportimport.kernel.staging.Staging;
+import com.liferay.frontend.js.web.internal.configuration.LiferayGlobalObjectConfiguration;
 import com.liferay.layout.seo.kernel.LayoutSEOLink;
 import com.liferay.layout.seo.kernel.LayoutSEOLinkManager;
 import com.liferay.petra.string.StringBundler;
 import com.liferay.petra.string.StringPool;
+import com.liferay.portal.configuration.module.configuration.ConfigurationProvider;
+import com.liferay.portal.kernel.content.security.policy.ContentSecurityPolicyNonceProviderUtil;
 import com.liferay.portal.kernel.feature.flag.FeatureFlag;
 import com.liferay.portal.kernel.feature.flag.FeatureFlagManager;
 import com.liferay.portal.kernel.language.Language;
@@ -46,8 +49,9 @@
 import java.util.TimeZone;
 import java.util.function.Predicate;
 
+import org.junit.After;
 import org.junit.Assert;
-import org.junit.Ignore;
+import org.junit.Before;
 import org.junit.Test;
 
 import org.mockito.MockedStatic;
@@ -65,45 +69,32 @@ public class LiferayGlobalObjectPreAUIDynamicIncludeTest {
 	public static final LiferayUnitTestRule liferayUnitTestRule =
 		LiferayUnitTestRule.INSTANCE;
 
-	@Ignore
+	@Before
+	public void setUp() {
+		_browserSnifferUtilMockedStatic = _mockBrowserSnifferUtil();
+		_contentSecurityPolicyNonceProviderUtilMockedStatic =
+			_mockContentSecurityPolicyNonceProviderUtil();
+		_portalWebResourcesUtilMockedStatic = _mockPortalWebResourcesUtil();
+		_shutdownUtilMockedStatic = _mockShutdownUtil();
+		_timeMockedStatic = _mockTime();
+	}
+
+	@After
+	public void tearDown() {
+		_browserSnifferUtilMockedStatic.close();
+		_contentSecurityPolicyNonceProviderUtilMockedStatic.close();
+		_portalWebResourcesUtilMockedStatic.close();
+		_shutdownUtilMockedStatic.close();
+		_timeMockedStatic.close();
+	}
+
 	@Test
 	public void test() throws Exception {
 		LiferayGlobalObjectPreAUIDynamicInclude
 			liferayGlobalObjectPreAUIDynamicInclude =
 				new LiferayGlobalObjectPreAUIDynamicInclude();
 
-		ReflectionTestUtil.setFieldValue(
-			liferayGlobalObjectPreAUIDynamicInclude, "_authToken",
-			_mockAuthToken());
-		ReflectionTestUtil.setFieldValue(
-			liferayGlobalObjectPreAUIDynamicInclude, "_fastDateFormatFactory",
-			_mockFastDateFormatFactory());
-		ReflectionTestUtil.setFieldValue(
-			liferayGlobalObjectPreAUIDynamicInclude, "_featureFlagManager",
-			_mockFeatureFlagManager());
-		ReflectionTestUtil.setFieldValue(
-			liferayGlobalObjectPreAUIDynamicInclude, "_language",
-			_mockLanguage());
-		ReflectionTestUtil.setFieldValue(
-			liferayGlobalObjectPreAUIDynamicInclude, "_layoutSEOLinkManager",
-			_mockLayoutSEOLinkManager());
-		ReflectionTestUtil.setFieldValue(
-			liferayGlobalObjectPreAUIDynamicInclude, "_portal", _mockPortal());
-		ReflectionTestUtil.setFieldValue(
-			liferayGlobalObjectPreAUIDynamicInclude, "_prefsProps",
-			Mockito.mock(PrefsProps.class));
-		ReflectionTestUtil.setFieldValue(
-			liferayGlobalObjectPreAUIDynamicInclude, "_staging",
-			_mockStaging());
-		ReflectionTestUtil.setFieldValue(
-			liferayGlobalObjectPreAUIDynamicInclude,
-			"_uploadServletRequestConfigurationProvider",
-			Mockito.mock(UploadServletRequestConfigurationProvider.class));
-
-		_mockBrowserSnifferUtil();
-		_mockPortalWebResourcesUtil();
-		_mockShutdownUtil();
-		_mockTime();
+		_setupDefaultMocks(liferayGlobalObjectPreAUIDynamicInclude);
 
 		MockHttpServletResponse mockHttpServletResponse =
 			new MockHttpServletResponse();
@@ -117,6 +108,33 @@ public void test() throws Exception {
 			StringUtil.trim(mockHttpServletResponse.getContentAsString()));
 	}
 
+	@Test
+	public void testDisableGetRemoteMethodsConfiguration() throws Exception {
+		LiferayGlobalObjectPreAUIDynamicInclude
+			liferayGlobalObjectPreAUIDynamicInclude =
+				new LiferayGlobalObjectPreAUIDynamicInclude();
+
+		_setupDefaultMocks(liferayGlobalObjectPreAUIDynamicInclude);
+
+		ReflectionTestUtil.setFieldValue(
+			liferayGlobalObjectPreAUIDynamicInclude, "_configurationProvider",
+			_mockConfigurationProvider(true));
+
+		MockHttpServletResponse mockHttpServletResponse =
+			new MockHttpServletResponse();
+
+		liferayGlobalObjectPreAUIDynamicInclude.include(
+			_mockHttpServletRequest(), mockHttpServletResponse,
+			StringPool.BLANK);
+
+		String contentAsString = mockHttpServletResponse.getContentAsString();
+
+		Assert.assertFalse(
+			contentAsString.contains("getRemoteAddr: () => '127.0.0.1',"));
+		Assert.assertFalse(
+			contentAsString.contains("getRemoteHost: () => '127.0.0.1',"));
+	}
+
 	private AuthToken _mockAuthToken() {
 		AuthToken authToken = Mockito.mock(AuthToken.class);
 
@@ -129,7 +147,7 @@ private AuthToken _mockAuthToken() {
 		return authToken;
 	}
 
-	private void _mockBrowserSnifferUtil() {
+	private MockedStatic<BrowserSnifferUtil> _mockBrowserSnifferUtil() {
 		MockedStatic<BrowserSnifferUtil> browserSnifferUtilMockedStatic =
 			Mockito.mockStatic(BrowserSnifferUtil.class);
 
@@ -155,6 +173,52 @@ private void _mockBrowserSnifferUtil() {
 		).thenReturn(
 			"42.0"
 		);
+
+		return browserSnifferUtilMockedStatic;
+	}
+
+	private ConfigurationProvider _mockConfigurationProvider(
+			boolean disableGetRemoteMethods)
+		throws Exception {
+
+		ConfigurationProvider configurationProvider = Mockito.mock(
+			ConfigurationProvider.class);
+
+		LiferayGlobalObjectConfiguration liferayGlobalObjectConfiguration =
+			Mockito.mock(LiferayGlobalObjectConfiguration.class);
+
+		Mockito.when(
+			liferayGlobalObjectConfiguration.disableGetRemoteMethods()
+		).thenReturn(
+			disableGetRemoteMethods
+		);
+
+		Mockito.when(
+			configurationProvider.getCompanyConfiguration(
+				Mockito.any(), Mockito.anyLong())
+		).thenReturn(
+			liferayGlobalObjectConfiguration
+		);
+
+		return configurationProvider;
+	}
+
+	private MockedStatic<ContentSecurityPolicyNonceProviderUtil>
+		_mockContentSecurityPolicyNonceProviderUtil() {
+
+		MockedStatic<ContentSecurityPolicyNonceProviderUtil>
+			contentSecurityPolicyNonceProviderUtilMockedStatic =
+				Mockito.mockStatic(
+					ContentSecurityPolicyNonceProviderUtil.class);
+
+		contentSecurityPolicyNonceProviderUtilMockedStatic.when(
+			() -> ContentSecurityPolicyNonceProviderUtil.getNonceAttribute(
+				Mockito.any())
+		).thenReturn(
+			StringPool.BLANK
+		);
+
+		return contentSecurityPolicyNonceProviderUtilMockedStatic;
 	}
 
 	private FastDateFormatFactory _mockFastDateFormatFactory() {
@@ -322,7 +386,7 @@ private Portal _mockPortal() throws Exception {
 		return portal;
 	}
 
-	private void _mockPortalWebResourcesUtil() {
+	private MockedStatic<PortalWebResourcesUtil> _mockPortalWebResourcesUtil() {
 		MockedStatic<PortalWebResourcesUtil>
 			portalWebResourcesUtilMockedStatic = Mockito.mockStatic(
 				PortalWebResourcesUtil.class);
@@ -333,9 +397,11 @@ private void _mockPortalWebResourcesUtil() {
 			(Answer<String>)
 				invocationOnMock -> "/o/" + invocationOnMock.getArgument(0)
 		);
+
+		return portalWebResourcesUtilMockedStatic;
 	}
 
-	private void _mockShutdownUtil() {
+	private MockedStatic<ShutdownUtil> _mockShutdownUtil() {
 		MockedStatic<ShutdownUtil> shutdownUtilMockedStatic =
 			Mockito.mockStatic(ShutdownUtil.class);
 
@@ -344,6 +410,8 @@ private void _mockShutdownUtil() {
 		).thenReturn(
 			true
 		);
+
+		return shutdownUtilMockedStatic;
 	}
 
 	private Staging _mockStaging() {
@@ -484,7 +552,7 @@ private ThemeDisplay _mockThemeDisplay() {
 		return themeDisplay;
 	}
 
-	private void _mockTime() {
+	private MockedStatic<Time> _mockTime() {
 		MockedStatic<Time> timeMockedStatic = Mockito.mockStatic(Time.class);
 
 		timeMockedStatic.when(
@@ -492,6 +560,8 @@ private void _mockTime() {
 		).thenReturn(
 			new Date(109, 3, 23)
 		);
+
+		return timeMockedStatic;
 	}
 
 	private String _read(String name) throws Exception {
@@ -503,4 +573,49 @@ private String _read(String name) throws Exception {
 		}
 	}
 
+	private void _setupDefaultMocks(
+			LiferayGlobalObjectPreAUIDynamicInclude
+				liferayGlobalObjectPreAUIDynamicInclude)
+		throws Exception {
+
+		ReflectionTestUtil.setFieldValue(
+			liferayGlobalObjectPreAUIDynamicInclude, "_authToken",
+			_mockAuthToken());
+		ReflectionTestUtil.setFieldValue(
+			liferayGlobalObjectPreAUIDynamicInclude, "_configurationProvider",
+			_mockConfigurationProvider(false));
+		ReflectionTestUtil.setFieldValue(
+			liferayGlobalObjectPreAUIDynamicInclude, "_fastDateFormatFactory",
+			_mockFastDateFormatFactory());
+		ReflectionTestUtil.setFieldValue(
+			liferayGlobalObjectPreAUIDynamicInclude, "_featureFlagManager",
+			_mockFeatureFlagManager());
+		ReflectionTestUtil.setFieldValue(
+			liferayGlobalObjectPreAUIDynamicInclude, "_language",
+			_mockLanguage());
+		ReflectionTestUtil.setFieldValue(
+			liferayGlobalObjectPreAUIDynamicInclude, "_layoutSEOLinkManager",
+			_mockLayoutSEOLinkManager());
+		ReflectionTestUtil.setFieldValue(
+			liferayGlobalObjectPreAUIDynamicInclude, "_portal", _mockPortal());
+		ReflectionTestUtil.setFieldValue(
+			liferayGlobalObjectPreAUIDynamicInclude, "_prefsProps",
+			Mockito.mock(PrefsProps.class));
+		ReflectionTestUtil.setFieldValue(
+			liferayGlobalObjectPreAUIDynamicInclude, "_staging",
+			_mockStaging());
+		ReflectionTestUtil.setFieldValue(
+			liferayGlobalObjectPreAUIDynamicInclude,
+			"_uploadServletRequestConfigurationProvider",
+			Mockito.mock(UploadServletRequestConfigurationProvider.class));
+	}
+
+	private MockedStatic<BrowserSnifferUtil> _browserSnifferUtilMockedStatic;
+	private MockedStatic<ContentSecurityPolicyNonceProviderUtil>
+		_contentSecurityPolicyNonceProviderUtilMockedStatic;
+	private MockedStatic<PortalWebResourcesUtil>
+		_portalWebResourcesUtilMockedStatic;
+	private MockedStatic<ShutdownUtil> _shutdownUtilMockedStatic;
+	private MockedStatic<Time> _timeMockedStatic;
+
 }
\ No newline at end of file
diff --git a/modules/apps/frontend-js/frontend-js-web/src/test/resources/com/liferay/frontend/js/web/internal/servlet/taglib/dependencies/liferay_test.js.tpl b/modules/apps/frontend-js/frontend-js-web/src/test/resources/com/liferay/frontend/js/web/internal/servlet/taglib/dependencies/liferay_test.js.tpl
index 943df749505781..d7b694fe8aa583 100644
--- a/modules/apps/frontend-js/frontend-js-web/src/test/resources/com/liferay/frontend/js/web/internal/servlet/taglib/dependencies/liferay_test.js.tpl
+++ b/modules/apps/frontend-js/frontend-js-web/src/test/resources/com/liferay/frontend/js/web/internal/servlet/taglib/dependencies/liferay_test.js.tpl
@@ -101,7 +101,6 @@ type: 'warning'
 ],
 },
 FeatureFlags: {
-'LPD-00042': true,
 },
 Language: {
 	_cache:

From 0b7f3900550c56c6c1abcc8b435ce36153af93cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Zaera=20Avell=C3=B3n?= <ivan.zaera@liferay.com>
Date: Mon, 1 Dec 2025 09:14:51 +0100
Subject: [PATCH 3/3] LPD-72782 Run "ant
 update-portal-osgi-configuration-properties"

---
 ...tension-type-instance-settings.schema.json | 19 +++++++++++++++++++
 .../src/portal-osgi-configuration.properties  |  4 ++++
 2 files changed, 23 insertions(+)

diff --git a/modules/sdk/gradle-plugins-workspace/src/main/resources/schemas/client-extension-type-instance-settings.schema.json b/modules/sdk/gradle-plugins-workspace/src/main/resources/schemas/client-extension-type-instance-settings.schema.json
index 630a2473698e43..d68d45b38544c4 100644
--- a/modules/sdk/gradle-plugins-workspace/src/main/resources/schemas/client-extension-type-instance-settings.schema.json
+++ b/modules/sdk/gradle-plugins-workspace/src/main/resources/schemas/client-extension-type-instance-settings.schema.json
@@ -2030,6 +2030,24 @@
 			],
 			"title": "Frontend Caching"
 		},
+		{
+			"properties": {
+				"disableGetRemoteMethods": {
+					"default": false,
+					"description": "If checked, the methods getRemoteAddr() and getRemoteHost() will be undefined within the Liferay.ThemeDisplay global object. This configuration is primarily implemented to mitigate privacy risks by avoiding the exposure of client IP/host information and to optimize performance by allowing public caching of pages for unauthenticated users. Note that checking this option will make custom code that relies on these methods fail.",
+					"title": "Disable getRemoteAddr() and getRemoteHost() methods",
+					"type": "boolean"
+				},
+				"pid": {
+					"const": "com.liferay.frontend.js.web.internal.configuration.LiferayGlobalObjectConfiguration",
+					"title": "Liferay Global Object"
+				}
+			},
+			"required": [
+				"pid"
+			],
+			"title": "Liferay Global Object"
+		},
 		{
 			"properties": {
 				"addDefaultStructures": {
@@ -4870,6 +4888,7 @@
 				"com.liferay.frontend.js.spa.web.internal.configuration.SPAConfiguration",
 				"com.liferay.frontend.js.web.internal.configuration.CustomDialogsSettingsConfiguration",
 				"com.liferay.frontend.js.web.internal.configuration.FrontendCachingConfiguration",
+				"com.liferay.frontend.js.web.internal.configuration.LiferayGlobalObjectConfiguration",
 				"com.liferay.journal.configuration.JournalServiceConfiguration",
 				"com.liferay.layout.content.page.editor.web.internal.configuration.PageEditorConfiguration",
 				"com.liferay.layout.locked.layouts.web.internal.configuration.LockedLayoutsCompanyConfiguration",
diff --git a/portal-impl/src/portal-osgi-configuration.properties b/portal-impl/src/portal-osgi-configuration.properties
index e9302658afdb7d..e75ae2ad77d21d 100644
--- a/portal-impl/src/portal-osgi-configuration.properties
+++ b/portal-impl/src/portal-osgi-configuration.properties
@@ -2959,6 +2959,10 @@
     #
     #configuration.override.com.liferay.frontend.js.web.internal.configuration.FrontendCachingConfiguration_sendNoCacheForESModules=
     #
+    # Env: LIFERAY_CONFIGURATION_PERIOD_OVERRIDE_PERIOD_COM_PERIOD_LIFERAY_PERIOD_FRONTEND_PERIOD_JS_PERIOD_WEB_PERIOD_INTERNAL_PERIOD_CONFIGURATION_PERIOD__UPPERCASEL_IFERAY_UPPERCASEG_LOBAL_UPPERCASEO_BJECT_UPPERCASEC_ONFIGURATION_UNDERLINE_DISABLE_UPPERCASEG_ET_UPPERCASER_EMOTE_UPPERCASEM_ETHODS
+    #
+    #configuration.override.com.liferay.frontend.js.web.internal.configuration.LiferayGlobalObjectConfiguration_disableGetRemoteMethods=
+    #
     # Env: LIFERAY_CONFIGURATION_PERIOD_OVERRIDE_PERIOD_COM_PERIOD_LIFERAY_PERIOD_FRONTEND_PERIOD_JS_PERIOD_WEB_PERIOD_INTERNAL_PERIOD_SESSION_PERIOD_TIMEOUT_PERIOD_CONFIGURATION_PERIOD__UPPERCASES_ESSION_UPPERCASET_IMEOUT_UPPERCASEC_ONFIGURATION_UNDERLINE_AUTO_UPPERCASEE_XTEND
     #
     #configuration.override.com.liferay.frontend.js.web.internal.session.timeout.configuration.SessionTimeoutConfiguration_autoExtend=