Testing feature-police

package.json

@@ -40,6 +40,7 @@
     "express-handlebars": "^3.0.2",
     "express-recaptcha": "^3.0.1",
     "express-session": "^1.15.6",
+    "feature-policy": "^0.2.0",
     "gulp-sourcemaps": "^2.6.5",
     "gulp-uglify-es": "^1.0.4",
     "helmet": "^3.16.0",

server/apps/admin.js

@@ -48,16 +48,22 @@ var bodyParser = require('body-parser');
 var cookieParser = require("cookie-parser");
 var referrerPolicy = require('referrer-policy');
 var helmet = require('helmet');
-app.use(helmet({
-  frameguard: false,
+var featurePolicy = require('feature-policy');
+app.use(featurePolicy({
     features: {
-    fullscreen: ["'self'"],
+        fullscreen: ["'*'"],
         vibrate: ["'none'"],
-    payment: ['none'],
-    syncXhr: ["'*'"],
+        payment: ["'none'"],
+        microphone: ["'none'"],
+        camera: ["'none'"],
+        speaker: ["*"],
+        syncXhr: ["'self'"],
         notifications: ["'self'"]
     }
 }));
+app.use(helmet({
+  frameguard: false,
+}));
 app.use(referrerPolicy({ policy: 'origin-when-cross-origin' }));
 app.enable('view cache');
 app.set('views', publicPath);

server/apps/client.js

@@ -65,8 +65,21 @@ var bodyParser = require('body-parser');
 var cookieParser = require("cookie-parser");
 var referrerPolicy = require('referrer-policy');
 var helmet = require('helmet');
+var featurePolicy = require('feature-policy');
+app.use(featurePolicy({
+    features: {
+        fullscreen: ["'*'"],
+        vibrate: ["'none'"],
+        payment: ["'none'"],
+        microphone: ["'none'"],
+        camera: ["'none'"],
+        speaker: ["*"],
+        syncXhr: ["'self'"],
+        notifications: ["'self'"]
+    }
+}));
 app.use(helmet({
-  frameguard: false
+    frameguard: false,
 }));
 app.use(referrerPolicy({ policy: 'origin-when-cross-origin' }));
 app.use( bodyParser.json() );       // to support JSON-encoded bodies