GraphQL Server v4 CSRF prevention

JavaScript pattern

This pattern flags Apollo GraphQL Server instances that set the 'csrfPrevention' option to false. On Apollo Server v4 this option is true by default; setting it to false removes the built-in CSRF protection and can enable CSRF attacks.


Apply with the Grit CLI
grit apply graphql_v4_csrf_prevention

GraphQL Server v4 CSRF prevention

BEFORE
// OK: Lacks 'csrfPrevention: true', but on v4 this option is true by default
const apollo_server_1 = new ApolloServer({
  typeDefs,
  resolvers,
});

// Good: Has 'csrfPrevention: true'
const apollo_server_3 = new ApolloServer({
  typeDefs,
  resolvers,
  csrfPrevention: true,
});

// BAD: Has 'csrfPrevention: false'
const apollo_server_2 = new ApolloServer({
  typeDefs,
  resolvers,
  csrfPrevention: false,
});
AFTER
// OK: Lacks 'csrfPrevention: true', but on v4 this option is true by default
const apollo_server_1 = new ApolloServer({
  typeDefs,
  resolvers,
});

// Good: Has 'csrfPrevention: true'
const apollo_server_3 = new ApolloServer({
  typeDefs,
  resolvers,
  csrfPrevention: true,
});

// BAD: Has 'csrfPrevention: false'
const apollo_server_2 = new ApolloServer({
  typeDefs,
  resolvers,
  csrfPrevention: true,
});
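To show what 'csrfPrevention: false' actually discards, here is an added example (not part of the Grit pattern and not Apollo's own source) that re-implements, in simplified form, the check Apollo Server v4 runs on each incoming request when CSRF prevention is on: a request is allowed if its Content-Type would force a browser CORS preflight, or if it carries one of the headers listed in 'csrfPreventionRequestHeaders'; otherwise it is rejected. The function name passesCsrfPrevention, the header objects and the charset handling are assumptions made for this example; the two default header names and the three "simple" content types are Apollo's documented defaults.

```javascript
// Added example: a simplified model of Apollo Server v4's CSRF prevention
// check. Not the Grit pattern's code and not Apollo's implementation.

// Content types a browser will send cross-origin WITHOUT a CORS preflight
// ("simple" requests per the Fetch spec). A plain <form> or a fetch() with no
// custom headers on an attacker-controlled page can reach the endpoint with
// any of these, carrying the victim's cookies.
const SIMPLE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// Apollo's documented default for csrfPreventionRequestHeaders. Browsers only
// send custom headers after a successful preflight, so their presence proves
// the server's CORS policy was consulted before the request was sent.
const DEFAULT_CSRF_PREVENTION_HEADERS = [
  'x-apollo-operation-name',
  'apollo-require-preflight',
];

// Reduce a Content-Type value to its media type: lower-cased, parameters
// dropped ("text/plain; charset=utf-8" -> "text/plain"). Simplification
// (assumption): Apollo's real check also inspects the charset parameter.
function mediaType(contentType) {
  return contentType.split(';')[0].trim().toLowerCase();
}

// Returns true when the request is allowed through and false when CSRF
// prevention would reject it (Apollo answers such requests with HTTP 400).
// `headers` is a plain object keyed by lower-case header name.
function passesCsrfPrevention(
  headers,
  csrfPrevention = true,
  requiredHeaders = DEFAULT_CSRF_PREVENTION_HEADERS,
) {
  // The misconfiguration the Grit pattern targets: with csrfPrevention: false
  // nothing below runs and every request is accepted.
  if (csrfPrevention === false) return true;

  const ct = headers['content-type'];
  // A non-simple content type (e.g. application/json) forces a preflight, so
  // the request cannot have come from a cross-site form or a bare fetch().
  if (ct !== undefined && !SIMPLE_CONTENT_TYPES.has(mediaType(ct))) return true;

  // Otherwise require at least one preflight-forcing header.
  return requiredHeaders.some((h) => headers[h.toLowerCase()] !== undefined);
}

// Constructed sample requests (not captured traffic).
const crossSiteForm = { 'content-type': 'text/plain; charset=utf-8' }; // from a hostile page
const jsonClient = { 'content-type': 'application/json' };             // normal Apollo Client POST
const uploadClient = {                                                 // multipart upload, preflighted
  'content-type': 'multipart/form-data; boundary=abc',
  'apollo-require-preflight': 'true',
};
const bareGet = {};                                                    // GET with no body or headers

// Compare the default configuration with the flagged one.
function summarize() {
  const samples = { crossSiteForm, jsonClient, uploadClient, bareGet };
  const result = {};
  for (const [name, h] of Object.entries(samples)) {
    result[name] = {
      withPrevention: passesCsrfPrevention(h, true),
      withoutPrevention: passesCsrfPrevention(h, false),
    };
  }
  return result;
}

console.log(summarize());
```

The table that summarize() returns makes the risk concrete: with prevention on, the text/plain request and the header-less GET are rejected while the JSON and preflighted multipart requests pass; with 'csrfPrevention: false' all four pass, including the one a cross-site page can send with the victim's cookies attached. Note that disabling the option is sometimes done to accommodate clients that send simple requests; the supported fix is to have those clients send one of the required headers instead.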