How to use the helmet.featurePolicy function in helmet

To help you get started, we’ve selected a few helmet examples, based on popular ways it is used in public projects.


github Ismaestro / angular8-example-app / server.ts View on Github external
// Server-side rendering has no browser XMLHttpRequest, so a Node implementation
// is installed on the global object. Background:
// https://github.com/angular/angular/issues/18199#issue-243593688
(global as any).XMLHttpRequest = require('xmlhttprequest').XMLHttpRequest;

const app = express();
// process.env.PORT wins when it is set to a non-empty value; 4000 otherwise.
const PORT = process.env.PORT || 4000;
// Resolved from the process working directory, so the server bundles required
// below are whatever sits under ./dist of the directory the server is started in.
const DIST_FOLDER = join(process.cwd(), 'dist');
// One entry per locale: URL pattern, view name and the server bundle for it.
// The '/es/*' entry is listed ahead of the '/*' catch-all.
const routes = [
  {
    path: '/es/*',
    view: 'es/index',
    bundle: require(join(DIST_FOLDER, 'server', 'es', 'main')),
  },
  {
    path: '/*',
    view: 'index',
    bundle: require(join(DIST_FOLDER, 'server', 'en', 'main')),
  },
];

// Response-header hardening. The middleware is registered in this order:
// helmet's default set first, then the individually configured headers.
// NOTE(review): newer helmet majors dropped noCache and featurePolicy, and
// Feature-Policy itself has been superseded by Permissions-Policy — confirm
// against the pinned helmet version before upgrading.
app.use(helmet());
// Referrer-Policy: same-origin
app.use(helmet.referrerPolicy({ policy: 'same-origin' }));
// Response headers that tell clients and proxies not to cache.
app.use(helmet.noCache());
// Feature-Policy: fullscreen for the page's own origin only; payment and
// synchronous XHR switched off. Keywords carry their own single quotes.
app.use(
  helmet.featurePolicy({
    features: {
      fullscreen: ["'self'"],
      payment: ["'none'"],
      syncXhr: ["'none'"],
    },
  }),
);

// Content-Security-Policy: the directive set is defined in AppConfig, outside
// this excerpt.
app.use(
  helmet.contentSecurityPolicy({
    directives: AppConfig.cspDirectives,
  }),
);

// Load your engine
app.engine('html', (filePath, options: any, callback) => {
  options.engine(
    filePath,
    {req: options.req, res: options.res},
github Gabsii / spoti-vote / backend / app.js View on Github external
// Module-level list; filled elsewhere in the file.
let users = [];

// Startup log of the redirect URL in use.
console.log('INFO: Redirect URL: ' + redirect_uri);

// Stop Express from sending its X-Powered-By header.
app.disable('x-powered-by');
// Send a fixed `Server: Yes` header on every response, a value that names no
// server software.
app.use((req, res, next) => {
    res.set('Server', 'Yes');
    next();
});
app.use(
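    // Content-Security-Policy: default-src limited to the page's own origin.
    // Source keywords must reach the header single-quoted ('self', 'none');
    // a double-quoted "self" is not a recognised keyword and is not treated
    // as the page's own origin, so the quoting below is part of the policy.
    // NOTE(review): with 'self' effective, anything loaded from other origins
    // falls under this default-src — check the app in report-only mode first.
    csp({
        directives: {
            defaultSrc: ["'self'"]
        }
    }),
    // Feature-Policy: fullscreen for the own origin only; vibrate, payment and
    // synchronous XHR switched off. Same single-quote rule for the keywords.
    helmet.featurePolicy({
        features: {
            fullscreen: ["'self'"],
            vibrate: ["'none'"],
            payment: ["'none'"],
            syncXhr: ["'none'"]
        }
    }),
    // Referrer-Policy: same-origin
    helmet.referrerPolicy({ policy: 'same-origin' }),
    // X-Frame-Options: DENY — the pages may not be framed.
    helmet.frameguard({
        action: 'deny'
    }),
    // Strict-Transport-Security lifetime.
    helmet.hsts({
        maxAge: 15768000 // six months in seconds (182.5 days)
    }),
    // X-XSS-Protection header; the value sent depends on the helmet version.
    helmet.xssFilter(),
    // X-Content-Type-Options: nosniff
    helmet.noSniff(),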
github Gabsii / spoti-vote / backend / src / app.js View on Github external
// Presumably the number of seconds before something is deleted — the use is
// outside this excerpt; confirm against the rest of the file.
const secTillDelete = 60;
// Callback URL derived from the configured base URL.
const redirect_uri = uriBack + '/callback';

// Module-level mutable state; populated elsewhere in the file.
let users = [];
let rooms = [];
let referer = '';

// Startup log of the redirect URL in use.
console.log(`INFO: Redirect URL: ${redirect_uri}`);

app.use(
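	// Content-Security-Policy: default-src takes the `https:` scheme source
	// plus the page's own origin. Source keywords must reach the header
	// single-quoted ('self', 'none'); a double-quoted "self" is not a
	// recognised keyword and is not treated as the page's own origin.
	// NOTE(review): `https:` on its own permits loads from any HTTPS origin,
	// so this default-src stays broad — narrow it to the origins the app
	// actually uses once they are known.
	csp({
		directives: {
			defaultSrc: ['https:', "'self'"]
		}
	}),
	// Feature-Policy: fullscreen for the own origin only; vibrate, payment and
	// synchronous XHR switched off. Same single-quote rule for the keywords.
	helmet.featurePolicy({
		features: {
			fullscreen: ["'self'"],
			vibrate: ["'none'"],
			payment: ["'none'"],
			syncXhr: ["'none'"]
		}
	}),
	// Referrer-Policy: same-origin
	helmet.referrerPolicy({ policy: 'same-origin' }),
	// X-Frame-Options: DENY — the pages may not be framed.
	helmet.frameguard({
		action: 'deny'
	}),
	// Strict-Transport-Security lifetime.
	helmet.hsts({
		maxAge: 15768000 // six months in seconds (182.5 days)
	}),
	// X-XSS-Protection header; the value sent depends on the helmet version.
	helmet.xssFilter(),
	// X-Content-Type-Options: nosniff
	helmet.noSniff(),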
github Ismaestro / angular8-example-app / functions / index.js View on Github external
const helmet = require('helmet');

// Switch the framework to production mode before any bundle is loaded.
core.enableProdMode();

const app = express();
// process.env.PORT wins when it is set to a non-empty value; 4000 otherwise.
const PORT = process.env.PORT || 4000;
// Resolved from the process working directory.
const DIST_FOLDER = path.join(process.cwd(), 'dist');
// One entry per locale: URL pattern, view name and the server bundle for it.
// The '/es/*' entry is listed ahead of the '/*' catch-all.
const routes = [
  {
    path: '/es/*',
    view: 'es/index',
    bundle: require('./dist/server/es/main'),
  },
  {
    path: '/*',
    view: 'index',
    bundle: require('./dist/server/en/main'),
  },
];

// Response-header hardening. The middleware is registered in this order:
// helmet's default set first, then the individually configured headers.
// NOTE(review): newer helmet majors dropped noCache and featurePolicy, and
// Feature-Policy itself has been superseded by Permissions-Policy — confirm
// against the pinned helmet version before upgrading.
app.use(helmet());
// Referrer-Policy: same-origin
app.use(helmet.referrerPolicy({ policy: 'same-origin' }));
// Response headers that tell clients and proxies not to cache.
app.use(helmet.noCache());
// Feature-Policy: fullscreen for the page's own origin only; payment and
// synchronous XHR switched off. Keywords carry their own single quotes.
app.use(
  helmet.featurePolicy({
    features: {
      fullscreen: ["'self'"],
      payment: ["'none'"],
      syncXhr: ["'none'"],
    },
  }),
);

const defaultList = ['\'self\'',
  'http://*.google-analytics.com',
  'https://*.google.com',
  'https://*.google-analytics.com',
  'https://*.googletagmanager.com',
  'https://*.gstatic.com',
  'https://*.googleapis.com',
  'https://authedmine.com',
  'https://az743702.vo.msecnd.net',