feature-policy

helmetjs | 1.2m | MIT | 0.6.0 | TypeScript support: included

Middleware to set the Feature-Policy HTTP header

helmet, security, express, connect, feature-policy

Feature Policy

NOTE: The Feature-Policy header has been deprecated by browsers in favor of Permissions-Policy. This module will still be supported but no new features will be added.

This is Express middleware to set the Feature-Policy header. You can read more about it here and here.

To use:

const featurePolicy = require("feature-policy");

// ...

app.use(
  featurePolicy({
    features: {
      fullscreen: ["'self'"],
      vibrate: ["'none'"],
      payment: ["example.com"],
      syncXhr: ["'none'"],
    },
  })
);

The following features are currently supported:

  • accelerometer
  • ambientLightSensor
  • autoplay
  • battery
  • camera
  • displayCapture
  • documentDomain
  • documentWrite
  • encryptedMedia
  • executionWhileNotRendered
  • executionWhileOutOfViewport
  • fontDisplayLateSwap
  • fullscreen
  • geolocation
  • gyroscope
  • layoutAnimations
  • legacyImageFormats
  • loadingFrameDefaultEager
  • magnetometer
  • microphone
  • midi
  • navigationOverride
  • notifications
  • oversizedImages
  • payment
  • pictureInPicture
  • publickeyCredentials
  • push
  • serial
  • speaker
  • syncScript
  • syncXhr
  • unoptimizedImages
  • unoptimizedLosslessImages
  • unoptimizedLossyImages
  • unsizedMedia
  • usb
  • verticalScroll
  • vibrate
  • vr
  • wakeLock
  • xr
  • xrSpatialTracking
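
The sketch below is an added example, not the module's own source. It shows how a `features` object like the one in the usage snippet maps onto a Feature-Policy header value, applies the allowlist rules from the changelog's 0.4.0 entry, and renders the same policy in Permissions-Policy syntax. The function names, the "; " separator, the empty-array check and the sample values are assumptions made for illustration.

```javascript
// camelCase option key -> kebab-case directive name, e.g. syncXhr -> sync-xhr
const dasherize = (name) => name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());

// Allowlist rules from the 0.4.0 changelog entry: strings only, no duplicates.
// Rejecting an empty array is an extra check assumed for this example.
function checkAllowlist(feature, allowlist) {
  if (!Array.isArray(allowlist) || allowlist.length === 0) {
    throw new Error(`${feature}: allowlist must be a non-empty array`);
  }
  if (allowlist.some((value) => typeof value !== "string")) {
    throw new Error(`${feature}: allowlist entries must be strings`);
  }
  if (new Set(allowlist).size !== allowlist.length) {
    throw new Error(`${feature}: duplicate allowlist entries`);
  }
}

// Feature-Policy value: "directive allowlist; directive allowlist"
function buildFeaturePolicy(features) {
  return Object.entries(features)
    .map(([feature, allowlist]) => {
      checkAllowlist(feature, allowlist);
      return `${dasherize(feature)} ${allowlist.join(" ")}`;
    })
    .join("; ");
}

// Permissions-Policy value: 'none' -> (), 'self' -> self, origins -> "quoted".
// Origins must include a scheme in this syntax.
function buildPermissionsPolicy(features) {
  return Object.entries(features)
    .map(([feature, allowlist]) => {
      checkAllowlist(feature, allowlist);
      const members = allowlist
        .filter((value) => value !== "'none'")
        .map((v) => (v === "'self'" ? "self" : v === "*" ? "*" : JSON.stringify(v)));
      const isWildcard = members.length === 1 && members[0] === "*";
      return `${dasherize(feature)}=${isWildcard ? "*" : `(${members.join(" ")})`}`;
    })
    .join(", ");
}

// Constructed sample policy (not taken from the package)
const sample = {
  fullscreen: ["'self'"],
  camera: ["'none'"],
  payment: ["'self'", "https://example.com"],
  syncXhr: ["'none'"],
};
```

Sending both values side by side, for example with `res.setHeader` in an Express handler, keeps the policy in force for browsers that only read the newer header.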

Changelog

0.6.0 - 2020-12-22

Changed

  • Updated readme about header deprecation
  • TypeScript: marked argument as Readonly

0.5.0 - 2020-04-16

Added

  • 7 new features: battery, displayCapture, executionWhileNotRendered, executionWhileOutOfViewport, navigationOverride, publickeyCredentials, and xrSpatialTracking

0.4.0 - 2019-09-01

Changed

  • Drop support for Node <8
  • Duplicate values are no longer allowed. See #4
  • Non-strings are not allowed in the array

0.3.0 - 2019-05-05

Added

  • 19 new features: ambientLightSensor, documentDomain, documentWrite, encryptedMedia, fontDisplayLateSwap, layoutAnimations, legacyImageFormats, loadingFrameDefaultEager, oversizedImages, pictureInPicture, serial, syncScript, unoptimizedImages, unoptimizedLosslessImages, unoptimizedLossyImages, unsizedMedia, verticalScroll, wakeLock, and xr
  • TypeScript definitions. See #2 and helmet#188
  • Created a changelog

Changed

  • Updated some package metadata

Changes in versions 0.2.0 and below can be found in Helmet's changelog.