# Feature Policy
**NOTE: The `Feature-Policy` header has been deprecated by browsers in favor of `Permissions-Policy`. This module will still be supported but no new features will be added.**
This is Express middleware that sets the `Feature-Policy` header. You can read more about the header in [Scott Helme's article](https://scotthelme.co.uk/a-new-security-header-feature-policy/) and in [Google's web developer article](https://developers.google.com/web/updates/2018/06/feature-policy).
To use:
```javascript
const featurePolicy = require("feature-policy");

// ...

app.use(
  featurePolicy({
    features: {
      fullscreen: ["'self'"], // allowed for this origin only
      vibrate: ["'none'"], // disabled everywhere
      payment: ["example.com"], // allowed for the listed origin only
      syncXhr: ["'none'"],
    },
  })
);
```
The following features are currently supported:
- `accelerometer`
- `ambientLightSensor`
- `autoplay`
- `battery`
- `camera`
- `displayCapture`
- `documentDomain`
- `documentWrite`
- `encryptedMedia`
- `executionWhileNotRendered`
- `executionWhileOutOfViewport`
- `fontDisplayLateSwap`
- `fullscreen`
- `geolocation`
- `gyroscope`
- `layoutAnimations`
- `legacyImageFormats`
- `loadingFrameDefaultEager`
- `magnetometer`
- `microphone`
- `midi`
- `navigationOverride`
- `notifications`
- `oversizedImages`
- `payment`
- `pictureInPicture`
- `publickeyCredentials`
- `push`
- `serial`
- `speaker`
- `syncScript`
- `syncXhr`
- `unoptimizedImages`
- `unoptimizedLosslessImages`
- `unoptimizedLossyImages`
- `unsizedMedia`
- `usb`
- `verticalScroll`
- `vibrate`
- `vr`
- `wakeLock`
- `xr`
- `xrSpatialTracking`
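
The sketch below is an added example, not the module's own code. It shows how a `features` object with the camelCase keys listed above serializes into a `Feature-Policy` value, and how the same allowlists would be written in the `Permissions-Policy` syntax that the deprecation note refers to. The helper names and the `https://example.com` origin are assumptions made for the illustration.

```javascript
// Added example, not the feature-policy module's source.
// toKebab, validate, toFeaturePolicy, toPermissionsPolicy are hypothetical names.

// camelCase option key -> kebab-case header token (syncXhr -> sync-xhr)
const toKebab = (name) => name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());

// Reject empty allowlists and 'none' mixed with other values.
function validate(name, allowlist) {
  if (!Array.isArray(allowlist) || allowlist.length === 0) {
    throw new Error(`${name}: allowlist must be a non-empty array`);
  }
  if (allowlist.includes("'none'") && allowlist.length > 1) {
    throw new Error(`${name}: 'none' cannot be combined with other values`);
  }
}

// Feature-Policy: "<feature> <allowlist>" directives joined with ";".
function toFeaturePolicy(features) {
  return Object.entries(features)
    .map(([name, allowlist]) => {
      validate(name, allowlist);
      return `${toKebab(name)} ${allowlist.join(" ")}`;
    })
    .join("; ");
}

// Permissions-Policy: "<feature>=(<allowlist>)" entries joined with ",".
// 'none' becomes an empty list, 'self' loses its quotes, origins are double-quoted.
function toPermissionsPolicy(features) {
  return Object.entries(features)
    .map(([name, allowlist]) => {
      validate(name, allowlist);
      if (allowlist.includes("*")) return `${toKebab(name)}=*`;
      const members = allowlist
        .filter((value) => value !== "'none'")
        .map((value) => (value === "'self'" ? "self" : JSON.stringify(value)));
      return `${toKebab(name)}=(${members.join(" ")})`;
    })
    .join(", ");
}

// Constructed sample input, modelled on the usage example above.
const sample = {
  fullscreen: ["'self'"],
  vibrate: ["'none'"],
  payment: ["https://example.com"],
  syncXhr: ["'none'"],
};
console.log("Feature-Policy:", toFeaturePolicy(sample));
console.log("Permissions-Policy:", toPermissionsPolicy(sample));
```

Comparing the two printed values against the response headers seen in the browser's network panel is a quick way to confirm that a migration kept every restriction.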