limit cors on post method

Author: FinalDes

src/app.ts

@@ -1,15 +1,21 @@
 import bodyParser = require("body-parser");
 import cors = require("cors");
+import dotenv = require("dotenv");
 import express = require("express");
 import { graphiqlExpress, graphqlExpress } from "graphql-server-express";
 import helmet = require("helmet");
 
 import {welcomeQuery} from "./graphiQL_welcome_query";
 import {schema} from "./schema";
 
+dotenv.config();
+
 const app: express.Application = express();
 
 const helperMiddleware: express.RequestHandler[] = [
+  cors({
+    methods: ["POST"],
+  }),
   bodyParser.json(),
   bodyParser.text({ type: "application/graphql" }),
   (req: express.Request, res: express.Response, next: any) => {
@@ -20,11 +26,13 @@ const helperMiddleware: express.RequestHandler[] = [
   },
 ];
 app.disable("x-powered-by");
-app.use(cors());
 app.use("/graphql", ...helperMiddleware, graphqlExpress({ schema }));
-app.use("/graphiql", graphiqlExpress({
-  endpointURL: "/graphql",
-  query: welcomeQuery,
-}));
+console.log(process.env.PRODUCTION);
+if (!process.env.PRODUCTION) {
+  app.use("/graphiql", graphiqlExpress({
+    endpointURL: "/graphql",
+    query: welcomeQuery,
+  }));
+}
 
 export default app;