How to use the helmet.featurePolicy function in helmet
To help you get started, we’ve selected a few helmet examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
Ismaestro / angular8-example-app / server.ts View on Github 
// Because of this https://github.com/angular/angular/issues/18199#issue-243593688
(global as any).XMLHttpRequest = require('xmlhttprequest').XMLHttpRequest;
const app = express();
const PORT = process.env.PORT || 4000;
const DIST_FOLDER = join(process.cwd(), 'dist');
const routes = [
{path: '/es/*', view: 'es/index', bundle: require(join(DIST_FOLDER, 'server', 'es', 'main'))},
{path: '/*', view: 'index', bundle: require(join(DIST_FOLDER, 'server', 'en', 'main'))}
];
app.use(helmet());
app.use(helmet.referrerPolicy({policy: 'same-origin'}));
app.use(helmet.noCache());
app.use(helmet.featurePolicy({
features: {
fullscreen: ['\'self\''],
payment: ['\'none\''],
syncXhr: ['\'none\'']
}
}));
app.use(helmet.contentSecurityPolicy({
directives: AppConfig.cspDirectives
}));
// Load your engine
app.engine('html', (filePath, options: any, callback) => {
options.engine(
filePath,
{req: options.req, res: options.res},let users = [];
console.log('INFO: Redirect URL: ' + redirect_uri);
app.disable('x-powered-by');
app.use(function (req, res, next) {
res.set('Server', 'Yes');
next();
});
app.use(
csp({
directives: {
defaultSrc: ['"self"']
}
}),
helmet.featurePolicy({
features: {
fullscreen: ['"self"'],
vibrate: ['"none"'],
payment: ['"none"'],
syncXhr: ['"none"']
}
}),
helmet.referrerPolicy({ policy: 'same-origin' }),
helmet.frameguard({
action: 'deny'
}),
helmet.hsts({
maxAge: 15768000 //Six Months in Seconds
}),
helmet.xssFilter(),
helmet.noSniff(),const redirect_uri = uriBack + '/callback';
const secTillDelete = 60;
let referer = '';
let rooms = [];
let users = [];
console.log('INFO: Redirect URL: ' + redirect_uri);
app.use(
csp({
directives: {
defaultSrc: ['https:', '"self"']
}
}),
helmet.featurePolicy({
features: {
fullscreen: ['"self"'],
vibrate: ['"none"'],
payment: ['"none"'],
syncXhr: ['"none"']
}
}),
helmet.referrerPolicy({ policy: 'same-origin' }),
helmet.frameguard({
action: 'deny'
}),
helmet.hsts({
maxAge: 15768000 //Six Months in Seconds
}),
helmet.xssFilter(),
helmet.noSniff(),const helmet = require('helmet');
core.enableProdMode();
const app = express();
const PORT = process.env.PORT || 4000;
const DIST_FOLDER = path.join(process.cwd(), 'dist');
const routes = [
{path: '/es/*', view: 'es/index', bundle: require('./dist/server/es/main')},
{path: '/*', view: 'index', bundle: require('./dist/server/en/main')}
];
app.use(helmet());
app.use(helmet.referrerPolicy({policy: 'same-origin'}));
app.use(helmet.noCache());
app.use(helmet.featurePolicy({
features: {
fullscreen: ['\'self\''],
payment: ['\'none\''],
syncXhr: ['\'none\'']
}
}));
const defaultList = ['\'self\'',
'http://*.google-analytics.com',
'https://*.google.com',
'https://*.google-analytics.com',
'https://*.googletagmanager.com',
'https://*.gstatic.com',
'https://*.googleapis.com',
'https://authedmine.com',
'https://az743702.vo.msecnd.net',helmet
help secure Express/Connect apps with various HTTP headers
Package Health Score
92 / 100Popular helmet functions
- helmet
- helmet.contentSecurityPolicy
- helmet.contentTypeOptions
- helmet.csp
- helmet.dnsPrefetchControl
- helmet.featurePolicy
- helmet.frameguard
- helmet.hidePoweredBy
- helmet.hpkp
- helmet.hsts
- helmet.ieNoOpen
- helmet.ienoopen
- helmet.iexss
- helmet.noCache
- helmet.noSniff
- helmet.nosniff
- helmet.permittedCrossDomainPolicies
- helmet.referrerPolicy
- helmet.xframe
- helmet.xssFilter