GraphQL Sever v3 csrf prevention

JavaScript pattern

The Apollo GraphQL server lacks the 'csrfPrevention' option. This option is 'false' by the default in v3 of the Apollo GraphQL v3, which can enable CSRF attacks.

GraphQL Sever v3 csrf prevention

BEFORE
// BAD 1: Lacks 'csrfPrevention: true'
const apollo_server_1 = new ApolloServer({
    typeDefs,
    resolvers
});

// BAD 2: Has 'csrfPrevention: false'
const apollo_server_2 = new ApolloServer({
    typeDefs,
    resolvers, 
    csrfPrevention: false,
});

// Good: Has 'csrfPrevention: true'
const apollo_server_3 = new ApolloServer({
    typeDefs,
    resolvers,
    csrfPrevention: true,
});
AFTER
// BAD 1: Lacks 'csrfPrevention: true'
const apollo_server_1 = new ApolloServer({
    typeDefs,
    resolvers,
    csrfPrevention: true
});

// BAD 2: Has 'csrfPrevention: false'
const apollo_server_2 = new ApolloServer({
    typeDefs,
    resolvers, 
    csrfPrevention: true,
});

// Good: Has 'csrfPrevention: true'
const apollo_server_3 = new ApolloServer({
    typeDefs,
    resolvers,
    csrfPrevention: true,
});