@financial-times/feature-policy-header

0.6.1 • Public • Published

Feature Policy Header

An Express middleware that adds a Feature-Policy header to responses. It exposes a single function, init, which decorates the response object with a Feature-Policy header.

Usage

This module is compatible with Node 16+ and is distributed on npm.

npm install --save @financial-times/feature-policy-header

After installing the module, initialise it in your app's server file. Do this before declaring any routes that need the middleware.

+ const featurePolicy = require('@financial-times/feature-policy-header');

app.use(
+  featurePolicy.init()
)

Run your app and check in the Network tab to confirm that the expected headers have been set.

Restricted Features

The restricted features can be found in src/restricted-features.json. Each feature relates to a browser API which we want to disallow on our user-facing pages. Any attempt to access a restricted API will throw a console error.

The full list of compatible features is available at https://featurepolicy.info/.

Report-To Header

The Report-To header is required to integrate with our Report URI account and dashboards. The Cyber Security team use Report URI to collect reports relating to security headers, such as Feature-Policy, to gain visibility on their use, monitor trends and detect problems.
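
An automated version of the Network-tab check, covering both the restricted features and the Report-To header described above. This is an added example, not code from this package: the helper functions are hypothetical, and the feature names, sample headers and reporting URL are constructed.

```javascript
// Added example, not the package's code. These feature names are constructed
// samples; the package's own list is in src/restricted-features.json.
const SAMPLE_RESTRICTED = ['geolocation', 'camera', 'microphone'];

// Case-insensitive header lookup on a plain { name: value } object.
const getHeader = (headers, name) =>
  (Object.entries(headers).find(([k]) => k.toLowerCase() === name) || [])[1];

// Parse "feature allowlist; feature allowlist" into Map(feature -> tokens).
// Assumption of this checker: the first occurrence of a duplicated feature wins.
function parseFeaturePolicy(headerValue) {
  const policy = new Map();
  for (const directive of String(headerValue || '').split(';')) {
    const [feature, ...allowlist] = directive.trim().split(/\s+/);
    const name = (feature || '').toLowerCase();
    if (name && !policy.has(name)) policy.set(name, allowlist);
  }
  return policy;
}

// Features from `expected` that the response does not restrict to 'none'.
function unrestrictedFeatures(headers, expected) {
  const policy = parseFeaturePolicy(getHeader(headers, 'feature-policy'));
  return expected.filter((feature) => {
    const allowlist = policy.get(feature) || [];
    return !(allowlist.length === 1 && allowlist[0] === "'none'");
  });
}

// True when Report-To parses as JSON and every group names an endpoint URL.
function hasReportingEndpoint(headers) {
  const raw = getHeader(headers, 'report-to');
  if (!raw) return false;
  try {
    const groups = JSON.parse(`[${raw}]`); // comma-separated JSON objects
    return groups.length > 0 && groups.every((g) =>
      Array.isArray(g.endpoints) && g.endpoints.some((e) => typeof e.url === 'string'));
  } catch (err) {
    return false;
  }
}

// Constructed sample responses; the endpoint URL is a placeholder.
const GOOD = {
  'Feature-Policy': "geolocation 'none'; camera 'none'; microphone 'none'",
  'Report-To': '{"group":"default","max_age":86400,"endpoints":[{"url":"https://reports.example/r"}]}',
};
const WEAK = { 'feature-policy': "geolocation 'self'; camera 'none'" };
```

In a smoke test, pass the headers object from a real response and the contents of src/restricted-features.json in place of the samples, and fail the build if unrestrictedFeatures returns anything.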


License

MIT

Unpacked Size

428 kB

Total Files

6

Collaborators

  • robgodfrey
  • robertboulton
  • seraph2000
  • hamza.samih
  • notlee
  • emmalewis
  • aendra
  • the-ft
  • rowanmanning
  • chee
  • alexwilson