permissions-policy

pedro-gbf · 79.5k · MIT · 0.6.0 · TypeScript support: included

Middleware to set the Permissions-Policy HTTP header

helmet, security, express, connect, permissions-policy

Permissions Policy

NOTE: Since the Feature-Policy header was deprecated, I've decided to adapt the old Evan Hahn Permissions-Policy repository; this project was entirely built on top of his work.

This is an Express middleware to set the Permissions-Policy header. You can read more about it here.

To use:

const express = require("express");
const permissionsPolicy = require("permissions-policy");

const app = express();

// Send a Permissions-Policy header on every response.
app.use(
  permissionsPolicy({
    features: {
      fullscreen: ["self"], // fullscreen=(self)
      vibrate: ["none"], // vibrate=(none)
      payment: ["self", '"example.com"'], // payment=(self "example.com")
      syncXhr: [], // syncXhr=()
    },
  })
);

The following features are currently supported:

  • accelerometer
  • ambientLightSensor
  • autoplay
  • battery
  • camera
  • displayCapture
  • documentDomain
  • documentWrite
  • encryptedMedia
  • executionWhileNotRendered
  • executionWhileOutOfViewport
  • fontDisplayLateSwap
  • fullscreen
  • geolocation
  • gyroscope
  • interestCohort
  • layoutAnimations
  • legacyImageFormats
  • loadingFrameDefaultEager
  • magnetometer
  • microphone
  • midi
  • navigationOverride
  • notifications
  • oversizedImages
  • payment
  • pictureInPicture
  • publickeyCredentials
  • push
  • serial
  • speaker
  • syncScript
  • syncXhr
  • unoptimizedImages
  • unoptimizedLosslessImages
  • unoptimizedLossyImages
  • unsizedMedia
  • usb
  • verticalScroll
  • vibrate
  • vr
  • wakeLock
  • xr
  • xrSpatialTracking
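
The rules this page states for the features object (unquoted keywords, double-quoted origins, an empty array to disable a feature) can be checked before a policy ships. The sketch below is an added example, not the package's own code; the function names, the camelCase to kebab-case mapping and the KNOWN subset are assumptions, and it reports keys missing from the known list because 0.6.0 accepts any key.

```javascript
// Added example; not the permissions-policy package's source code.
// Keywords the README uses unquoted. Any other value must be a quoted origin.
const KEYWORDS = new Set(["self", "none"]);

// A few names from the README's feature list (subset, for the typo check).
const KNOWN = new Set(["fullscreen", "vibrate", "payment", "syncXhr",
  "geolocation", "camera", "microphone", "interestCohort"]);

// Assumption: camelCase keys become kebab-case header tokens (syncXhr -> sync-xhr).
function toDirectiveName(key) {
  return key.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());
}

// Returns the header value plus any keys not in `known`, since 0.6.0
// accepts any key and a misspelt feature would otherwise go unnoticed.
function buildPermissionsPolicy(features, known = KNOWN) {
  const directives = [];
  const unknown = [];
  for (const [key, allowlist] of Object.entries(features)) {
    if (!Array.isArray(allowlist)) {
      throw new TypeError(`${key}: allowlist must be an array`);
    }
    for (const value of allowlist) {
      const quotedOrigin = /^"[^"\s]+"$/.test(value);
      if (!KEYWORDS.has(value) && !quotedOrigin) {
        throw new Error(`${key}: ${value} must be a keyword or a double-quoted origin`);
      }
    }
    if (!known.has(key)) unknown.push(key);
    // An empty allowlist yields name=(), which disables the feature everywhere.
    directives.push(`${toDirectiveName(key)}=(${allowlist.join(" ")})`);
  }
  return { header: directives.join(", "), unknown };
}

// Constructed sample input mirroring the README's usage block.
const sample = buildPermissionsPolicy({
  fullscreen: ["self"],
  payment: ["self", '"example.com"'],
  syncXhr: [],
  geolocaton: [], // deliberate typo to show the unknown-key report
});
console.log(sample.header);
console.log("unrecognised keys:", sample.unknown);
```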

Changelog

0.6.0 - 2021-04-19

Changed

  • Removed restrictions on which directives can be set; any key is allowed.
  • Added interest-cohort to the documentation.

0.5.0 - 2021-04-14

Added

  • Added support for interest-cohort policy.
  • Changed compilation target to ES6.

0.4.0 - 2021-03-2

Added

  • Prettier configuration to auto-format the code.
  • Usage of Readonly on the user configuration fed into the PermissionsPolicy function.
  • Usage of Record to declare the types of keys and objects when useful.

Changed

  • Updated dependencies to their latest version.

0.3.0 - 2020-11-22

Changed

  • Fixed an issue in the unit tests.

0.2.0 - 2020-09-27

Added

  • Features support empty arrays to indicate that the specific feature should be disabled in every case.

Changed

  • BREAKING-CHANGE Removed support for Node < 10.

0.1.1 - 2020-09-25

Changed

  • Fixed the readme typos.

0.1.0 - 2020-09-25

Added

  • Initial release containing all the adaptations of the Feature Policy project to support the new Permissions-Policy header.

Changed

  • If you're migrating from the Feature Policy repo, note that from now on the reserved keywords don't need to be quoted, but the specific feature values must be.
  • Added errors to safeguard the usage with the newest changes.
  • Reviewed all the tests.