Add featurePolicy middleware

helmetjs · Oct 9, 2018 · db8fdc7 · db8fdc7
1 parent 0468c37
commit db8fdc7
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 2 deletions.
diff --git a/HISTORY.md b/HISTORY.md
@@ -1,3 +1,8 @@
+Unreleased
+==========
+
+- new: `featurePolicy` middleware
+
 3.13.0 / 2018-07-22
 ===================
 

diff --git a/README.md b/README.md
@@ -57,13 +57,15 @@ app.use(helmet({
 How it works
 ------------
 
-Helmet is a collection of 12 smaller middleware functions that set HTTP headers. Running `app.use(helmet())` will not include all of these middleware functions by default.
+Helmet is a collection of 14 smaller middleware functions that set HTTP headers. Running `app.use(helmet())` will not include all of these middleware functions by default.
 
 | Module | Default? |
 |---|---|
 | [contentSecurityPolicy](https://helmetjs.github.io/docs/csp/) for setting Content Security Policy |  |
-| [expectCt](https://helmetjs.github.io/docs/expect-ct/) for handling Certificate Transparency |  |
+| [crossdomain](https://helmetjs.github.io/docs/crossdomain/) for handling Adobe products' crossdomain requests |  |
 | [dnsPrefetchControl](https://helmetjs.github.io/docs/dns-prefetch-control) controls browser DNS prefetching | ✓ |
+| [expectCt](https://helmetjs.github.io/docs/expect-ct/) for handling Certificate Transparency |  |
+| [featurePolicy](https://helmetjs.github.io/docs/feature-policy/) to limit your site's features |  |
 | [frameguard](https://helmetjs.github.io/docs/frameguard/) to prevent clickjacking | ✓ |
 | [hidePoweredBy](https://helmetjs.github.io/docs/hide-powered-by) to remove the X-Powered-By header | ✓ |
 | [hpkp](https://helmetjs.github.io/docs/hpkp/) for HTTP Public Key Pinning |  |

diff --git a/index.js b/index.js
@@ -56,6 +56,7 @@ function helmet (options) {
 helmet.contentSecurityPolicy = require('helmet-csp')
 helmet.dnsPrefetchControl = require('dns-prefetch-control')
 helmet.expectCt = require('expect-ct')
+helmet.featurePolicy = require('feature-policy')
 helmet.frameguard = require('frameguard')
 helmet.hidePoweredBy = require('hide-powered-by')
 helmet.hpkp = require('hpkp')

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -30,6 +30,7 @@
     "dns-prefetch-control": "0.1.0",
     "dont-sniff-mimetype": "1.0.0",
     "expect-ct": "0.1.1",
+    "feature-policy": "0.1.0",
     "frameguard": "3.0.0",
     "helmet-crossdomain": "0.3.0",
     "helmet-csp": "2.7.1",

diff --git a/test/index.js b/test/index.js
@@ -28,6 +28,11 @@ describe('helmet', function () {
       assert.equal(helmet.expectCt, pkg)
     })
 
+    it('aliases "feature-policy"', function () {
+      const pkg = require('feature-policy')
+      assert.equal(helmet.featurePolicy, pkg)
+    })
+
     it('aliases "helmet-crossdomain"', function () {
       const pkg = require('helmet-crossdomain')
       assert.equal(helmet.permittedCrossDomainPolicies, pkg)