imgSrc.push(url.origin)
}
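// configure app
const app = express()
app.set('port', port)
app.set('logger', logger)
app.set('healthCheck', healthCheck)
// NOTE(review): this key carries a trailing space ('periodSeconds '), so
// app.get('periodSeconds') will return undefined. Kept byte-for-byte here;
// fix the key and every reader of it together once the readers are located.
app.set('periodSeconds ', periodSeconds)
app.set('io', api.io)
// trust proxy = 1: Express honours X-Forwarded-* from the first hop only.
// Verify this matches the number of proxy layers in front of the app; too
// high a value lets clients spoof req.ip / req.secure.
app.set('trust proxy', 1)
app.set('etag', false)
app.set('x-powered-by', false)
// Security headers. Express runs middleware in registration order, so every
// helmet middleware has to be registered BEFORE the routers below, otherwise
// responses from /auth, /api and /webhook go out without the header.
app.use(helmet.dnsPrefetchControl())
app.use(helmet.permittedCrossDomainPolicies())
app.use(helmet.noSniff())
// hsts() with library defaults; set maxAge/includeSubDomains explicitly if the
// default does not match the deployment's policy.
app.use(helmet.hsts())
// Was registered after the routers (so their responses never received it);
// moved up with the other header middleware.
app.use(helmet.xssFilter())
// NOTE(review): the contentSecurityPolicy registration that follows this block
// also sits below the routers and should be moved above them for the same reason.
app.use('/auth', auth.router)
app.use('/api', api.router)
app.use('/webhook', githubWebhook.router)
app.get('/config.json', api.frontendConfig)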
app.use(helmet.contentSecurityPolicy({
directives: {
defaultSrc: ['\'self\''],
connectSrc,
styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://fonts.googleapis.com', 'https://cdn.materialdesignicons.com'],
fontSrc: ['\'self\'', 'https://fonts.gstatic.com', 'https://cdn.materialdesignicons.com'],
imgSrc,
scriptSrc: ['\'self\'', '\'unsafe-eval\''],
pino({
logger,
})
);
// https://helmetjs.github.io/
// Security headers for the static file server. Middleware runs in registration
// order, so these stay above the static handler at the bottom of this block.
staticRouter.use(
  helmet({
    // Clickjacking defence: only same-origin pages may frame these assets.
    frameguard: { action: 'sameorigin' },
    hsts: {
      maxAge: 60 * 60 * 24 * 365, // 1 year, in seconds
      includeSubDomains: true,
      // preload: true signals eligibility for browser HSTS preload lists.
      // Inclusion is effectively irreversible — keep it only if every
      // subdomain is, and will stay, HTTPS-only.
      preload: true,
    },
  })
);
staticRouter.use(helmet.permittedCrossDomainPolicies());
// NOTE(review): noCache on a static-asset router disables browser caching for
// every file it serves. Confirm that is intended rather than a copy from
// an API router.
staticRouter.use(helmet.noCache());
// Tag each response with a server-generated v4 UUID. Nothing from the request
// is read here, so a client-supplied Request-Id header is never echoed back.
staticRouter.use(function attachRequestId(req, res, next) {
  res.set('Request-Id', uuidv4());
  next();
});
// Static file handler: the deploy config is copied into a fresh object and the
// served directory is set to the HTML output root, relative to the project.
staticRouter.use(
  staticMiddleware({
    config: Object.assign(
      {},
      deploy.staticServer.config,
      { public: path.relative(projectPath, output.htmlRoot) }
    ),
  })
);
staticServer.use('/', staticRouter);
if (!isProductionEnv) {
// https://www.npmjs.com/package/errorhandler
import loggerConfig from './config/loggerConfig';
import typeDefs from './graphql/schemas/schemas';
import resolvers from './graphql/resolvers/resolvers';
import schemaDirectives from './graphql/directives/directives';
// Runtime configuration is read from the environment. SESSION_SECRET signs the
// session cookie: it must be a long, random, per-deployment value. express-session
// errors on a missing secret but cannot tell a weak one from a strong one.
const {
  NODE_ENV,
  SESSION_NAME,
  SESSION_SECRET,
  SESSION_MAX_AGE,
  MONGO_DB_URI,
  PORT,
} = process.env;

const app = express();
mongoose.set('useCreateIndex', true);

// Set Secure Headers with Helmet
// helmet() installs its default header set; permittedCrossDomainPolicies is
// added explicitly in case the installed helmet major does not include it.
app.use(helmet());
app.use(helmet.permittedCrossDomainPolicies());

// Serve React Application
// The built bundle is served in every environment (an earlier NODE_ENV gate
// was left commented out). It is mounted before the session middleware, so
// asset requests never touch the session store.
app.use(express.static('dist'));

// Set User Session
// Sessions are persisted in MongoDB through the existing mongoose connection.
const MongoStore = connectMongo(session);
app.use(
session({
store: new MongoStore({ mongooseConnection: mongoose.connection }),
name: SESSION_NAME,
secret: SESSION_SECRET,
resave: true,
rolling: true,
saveUninitialized: false,
// https://www.npmjs.com/package/compression
// NOTE(review): every SSR response is compressed. If a rendered page ever
// places attacker-controlled input next to a secret (CSRF token, session
// data), the compressed length leaks it (BREACH) — keep secrets out of
// compressed HTML or exempt those responses.
ssrRouter.use(compression());

// https://www.npmjs.com/connect-flash
// Assumes session middleware is already mounted ahead of this router
// (outside this excerpt); connect-flash keeps its messages in the session.
ssrRouter.use(flash());

// https://helmetjs.github.io/
// Security headers, registered before the SSR route so every rendered page
// receives them.
ssrRouter.use(
  helmet({
    // Only same-origin pages may frame the rendered output.
    frameguard: { action: 'sameorigin' },
    hsts: {
      maxAge: 60 * 60 * 24 * 365, // 1 year, in seconds
      includeSubDomains: true,
      // Irreversible once submitted to browser preload lists — keep only if
      // every subdomain is HTTPS-only.
      preload: true,
    },
  })
);
ssrRouter.use(helmet.permittedCrossDomainPolicies());

// Server-generated v4 UUID per response; nothing from the request is read,
// so a client-supplied Request-Id header is never echoed back.
ssrRouter.use(function attachRequestId(req, res, next) {
  res.set('Request-Id', uuidv4());
  next();
});

ssrRouter.use(
  i18nextMiddleware.handle(i18n, deploy.ssrServer.i18nextMiddlewareConfig)
);

// Catch-all: every GET path ends up in ssrRoute. Anything that must not be
// server-rendered (APIs, static assets) has to be mounted before this router.
ssrRouter.get(['/:entry/*', '/:entry', '/*'], ssrRoute);
ssrServer.use('/', ssrRouter);
if (bugsnagMiddleware) {
ssrServer.use(bugsnagMiddleware.errorHandler);
} else if (!isProductionEnv) {