GraphQL Sever v4 csrf prevention

JavaScript pattern

The Apollo GraphQL server sets the 'csrfPrevention' option to false. This can enable CSRF attacks.

GraphQL Sever v4 csrf prevention

BEFORE
// OK: Lacks 'csrfPrevention: true', but on v4 this option is true by default
const apollo_server_1 = new ApolloServer({
  typeDefs,
  resolvers,
});

// Good: Has 'csrfPrevention: true'
const apollo_server_3 = new ApolloServer({
  typeDefs,
  resolvers,
  csrfPrevention: true,
});

// BAD: Has 'csrfPrevention: false'
const apollo_server_2 = new ApolloServer({
  typeDefs,
  resolvers,
  csrfPrevention: false,
});
AFTER
// OK: Lacks 'csrfPrevention: true', but on v4 this option is true by default
const apollo_server_1 = new ApolloServer({
  typeDefs,
  resolvers,
});

// Good: Has 'csrfPrevention: true'
const apollo_server_3 = new ApolloServer({
  typeDefs,
  resolvers,
  csrfPrevention: true,
});

// BAD: Has 'csrfPrevention: false'
const apollo_server_2 = new ApolloServer({
  typeDefs,
  resolvers,
  csrfPrevention: true,
});