Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
const apiPath = this._apiPath;
const graphiqlPath = this._graphiqlPath;
const app = express();
if (dev && graphiqlPath) {
// This is a convenience to make the out of the box experience slightly simpler.
// We should reconsider support for this at some point in the future. -TL
app.use(
new GraphQLPlaygroundApp({ apiPath, graphiqlPath }).prepareMiddleware({ keystone, dev })
);
}
// { cors: false } - prevent ApolloServer from overriding Keystone's CORS configuration.
// https://www.apollographql.com/docs/apollo-server/api/apollo-server.html#ApolloServer-applyMiddleware
// This probably isn't the right place to put this restriction middleware. -TL
const restrict = restrictAudienceMiddleware({ isPublic: true });
app.use(apiPath, restrict);
app.use(server.getMiddleware({ path: apiPath, cors: false }));
return app;
}