NOTE: The Feature-Policy header has been deprecated by browsers in favor of Permissions-Policy. This module will still be supported but no new features will be added.

This is Express middleware to set the Feature-Policy header. You can read more about it here and here.

To use:

const featurePolicy = require("feature-policy");

// ...

app.use(
  featurePolicy({
    features: {
      fullscreen: ["'self'"],
      vibrate: ["'none'"],
      payment: ["example.com"],
      syncXhr: ["'none'"],
    },
  })
);

The following features are currently supported:

accelerometer
ambientLightSensor
autoplay
battery
camera
displayCapture
documentDomain
documentWrite
encryptedMedia
executionWhileNotRendered
executionWhileOutOfViewport
fontDisplayLateSwap
fullscreen
geolocation
gyroscope
layoutAnimations
legacyImageFormats
loadingFrameDefaultEager
magnetometer
microphone
midi
navigationOverride
notifications
oversizedImages
payment
pictureInPicture
publickeyCredentials
push
serial
speaker
syncScript
syncXhr
unoptimizedImages
unoptimizedLosslessImages
unoptimizedLossyImages
unsizedMedia
usb
verticalScroll
vibrate
vr
wakeLock
xr
xrSpatialTracking

Keywords

FAQs

What is feature-policy?

Is feature-policy popular?

Is feature-policy well maintained?

Last updated on 23 Dec 2020

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

feature-policy

.css-1z04cui{margin-bottom:var(--chakra-space-4);font-size:var(--chakra-fontSizes-md);}0.6.0 - 2020-12-22

Changed

Feature Policy

Keywords

Related posts

OpenJS: “XZ Utils Cyberattack Likely Not an Isolated Incident”

Connect with Socket at RSA and BSidesSF 2024

0.6.0 - 2020-12-22