From aadf0934027310b1f066ff49e749aa2b2a637c44 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Mon, 15 May 2023 17:39:22 +0200
Subject: [PATCH] helmet exception for graphiql

---
 backend/src/server.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/backend/src/server.js b/backend/src/server.js
index bcbd84617..d7908cd46 100644
--- a/backend/src/server.js
+++ b/backend/src/server.js
@@ -82,7 +82,9 @@ const createServer = (options) => {
   const app = express()
 
   app.set('driver', driver)
-  app.use(helmet())
+  // TODO: this exception is required for the graphql playground, since the playground loads external resources
+  // See: https://github.com/graphql/graphql-playground/issues/1283
+  app.use(helmet(CONFIG.DEBUG && { contentSecurityPolicy: false, crossOriginEmbedderPolicy: false }))
   app.use('/.well-known/', webfinger())
   app.use(express.static('public'))
   app.use(bodyParser.json({ limit: '10mb' }))