UNPKG

feature-policy/README.md

Version:

1.63 kBMarkdownView Raw

1# Feature Policy
2
3[![Build Status](https://travis-ci.org/helmetjs/feature-policy.svg?branch=master)](https://travis-ci.org/helmetjs/feature-policy)
4
5**NOTE: The `Feature-Policy` header has been deprecated by browsers in favor of `Permissions-Policy`. This module will still be supported but no new features will be added.**
6
7This is Express middleware to set the `Feature-Policy` header. You can read more about it [here](https://scotthelme.co.uk/a-new-security-header-feature-policy/) and [here](https://developers.google.com/web/updates/2018/06/feature-policy).
8
9To use:
10
11```javascript
12const featurePolicy = require("feature-policy");
13
14// ...
15
16app.use(
17  featurePolicy({
18    features: {
19      fullscreen: ["'self'"],
20      vibrate: ["'none'"],
21      payment: ["example.com"],
22      syncXhr: ["'none'"],
23    },
24  })
25);
26```
27
28The following features are currently supported:
29
30- `accelerometer`
31- `ambientLightSensor`
32- `autoplay`
33- `battery`
34- `camera`
35- `displayCapture`
36- `documentDomain`
37- `documentWrite`
38- `encryptedMedia`
39- `executionWhileNotRendered`
40- `executionWhileOutOfViewport`
41- `fontDisplayLateSwap`
42- `fullscreen`
43- `geolocation`
44- `gyroscope`
45- `layoutAnimations`
46- `legacyImageFormats`
47- `loadingFrameDefaultEager`
48- `magnetometer`
49- `microphone`
50- `midi`
51- `navigationOverride`
52- `notifications`
53- `oversizedImages`
54- `payment`
55- `pictureInPicture`
56- `publickeyCredentials`
57- `push`
58- `serial`
59- `speaker`
60- `syncScript`
61- `syncXhr`
62- `unoptimizedImages`
63- `unoptimizedLosslessImages`
64- `unoptimizedLossyImages`
65- `unsizedMedia`
66- `usb`
67- `verticalScroll`
68- `vibrate`
69- `vr`
70- `wakeLock`
71- `xr`
72- `xrSpatialTracking`

1	`# Feature Policy`
2
3	`[![Build Status](https://travis-ci.org/helmetjs/feature-policy.svg?branch=master)](https://travis-ci.org/helmetjs/feature-policy)`
4
5	NOTE: The `Feature-Policy` header has been deprecated by browsers in favor of `Permissions-Policy`. This module will still be supported but no new features will be added.
6
7	This is Express middleware to set the `Feature-Policy` header. You can read more about it [here](https://scotthelme.co.uk/a-new-security-header-feature-policy/) and [here](https://developers.google.com/web/updates/2018/06/feature-policy).
8
9	`To use:`
10
11	```javascript
12	`const featurePolicy = require("feature-policy");`
13
14	`// ...`
15
16	`app.use(`
17	`featurePolicy({`
18	`features: {`
19	`fullscreen: ["'self'"],`
20	`vibrate: ["'none'"],`
21	`payment: ["example.com"],`
22	`syncXhr: ["'none'"],`
23	`},`
24	`})`
25	`);`
26	```
27
28	`The following features are currently supported:`
29
30	- `accelerometer`
31	- `ambientLightSensor`
32	- `autoplay`
33	- `battery`
34	- `camera`
35	- `displayCapture`
36	- `documentDomain`
37	- `documentWrite`
38	- `encryptedMedia`
39	- `executionWhileNotRendered`
40	- `executionWhileOutOfViewport`
41	- `fontDisplayLateSwap`
42	- `fullscreen`
43	- `geolocation`
44	- `gyroscope`
45	- `layoutAnimations`
46	- `legacyImageFormats`
47	- `loadingFrameDefaultEager`
48	- `magnetometer`
49	- `microphone`
50	- `midi`
51	- `navigationOverride`
52	- `notifications`
53	- `oversizedImages`
54	- `payment`
55	- `pictureInPicture`
56	- `publickeyCredentials`
57	- `push`
58	- `serial`
59	- `speaker`
60	- `syncScript`
61	- `syncXhr`
62	- `unoptimizedImages`
63	- `unoptimizedLosslessImages`
64	- `unoptimizedLossyImages`
65	- `unsizedMedia`
66	- `usb`
67	- `verticalScroll`
68	- `vibrate`
69	- `vr`
70	- `wakeLock`
71	- `xr`
72	- `xrSpatialTracking`