Opinionated SaaS quick-start with pre-built user account and organization system for full-stack application development in React, Node.js, GraphQL and PostgreSQL. Powered by PostGraphile, TypeScript, Apollo Client, Graphile Worker, Graphile Migrate, GraphQL Code Generator, Ant Design and Next.js
Description
In latest Chrome the
Refererheader is no longer being sent from GraphiQL. However, it is sufficient to check the Origin header for CSRF protection so we can skip the CSRF middleware if the Origin header matches.Performance impact
Negligible.
Security impact
Warrants checking, but believed to be safe.