Skip to content

Commit

Permalink
Merge pull request #325 from ladesa-ro/dev/gabriel
Browse files Browse the repository at this point in the history
fix: disable graphql playground and make helmet more strict
  • Loading branch information
guesant authored Oct 10, 2024
2 parents d803026 + 69461bc commit 2057746
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 13 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,19 @@ import { GraphQLModule } from "@nestjs/graphql";
GraphQLModule.forRoot<ApolloDriverConfig>({
driver: ApolloDriver,

/*
app.use(
helmet({
crossOriginEmbedderPolicy: false,
crossOriginResourcePolicy: {
policy: "cross-origin",
},
contentSecurityPolicy: isProduction ? undefined : false,
}),
);
*/
playground: false,

useGlobalPrefix: true,
autoSchemaFile: true,
introspection: true,
Expand Down
16 changes: 3 additions & 13 deletions api-service/src/main.ts
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
import { AppConfigService } from "@/infrastructure/config";
import { SetupSwaggerDocument } from "@/infrastructure/integrations/http/swagger";
import { NestFactory } from "@nestjs/core";
import { SwaggerModule } from "@nestjs/swagger";
import compression from "compression";
import helmet from "helmet";
import "reflect-metadata";
import { AppConfigService } from "@/infrastructure/config";
import { SetupSwaggerDocument } from "@/infrastructure/integrations/http/swagger";
import { AppModule } from "./app.module";

async function setupApp() {
Expand All @@ -22,17 +22,7 @@ async function setupApp() {

//

const isProduction = configService.getRuntimeIsProduction();

app.use(
helmet({
crossOriginEmbedderPolicy: false,
crossOriginResourcePolicy: {
policy: "cross-origin",
},
contentSecurityPolicy: isProduction ? undefined : false,
}),
);
app.use(helmet());

//

Expand Down

0 comments on commit 2057746

Please sign in to comment.