Merge pull request #1662 from gitbugr/2021/docs/nest-6180-fastify-and-apollo-and-helmet-warnings

docs(fastify,helmet,apollo): add warnings

Author: kamilmysliwiec

content/security/helmet.md

@@ -37,3 +37,23 @@ import * as helmet from 'fastify-helmet';
 // somewhere in your initialization file
 app.register(helmet);
 ```
+> warning **Warning** When using `apollo-server-fastify` and `fastify-helmet`, there may be a problem with [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) on the GraphQL playground, to solve this collision, configure the CSP as shown below:
+>
+> ```typescript
+> app.register(helmet, {
+>   contentSecurityPolicy: {
+>     directives: {
+>       defaultSrc: [`'self'`],
+>       styleSrc: [`'self'`, `'unsafe-inline'`, 'cdn.jsdelivr.net', 'fonts.googleapis.com'],
+>       fontSrc: [`'self'`, 'fonts.gstatic.com'],
+>       imgSrc: [`'self'`, 'data:', 'cdn.jsdelivr.net'],
+>       scriptSrc: [`'self'`, `https: 'unsafe-inline'`, `cdn.jsdelivr.net`],
+>     },
+>   },
+> });
+>
+> // If you are not going to use CSP at all, you can use this:
+> app.register(helmet, {
+>   contentSecurityPolicy: false,
+> });
+> ```

content/techniques/performance.md

@@ -15,6 +15,7 @@ First, we need to install the required package:
 ```bash
 $ npm i --save @nestjs/platform-fastify
 ```
+> warning **Warning** When using `@nestjs/platform-fastify` version `>=7.5.0` and `apollo-server-fastify`, GraphQL playground may not work due to incompatibility with `fastify` version `^3.0.0`. You may want to use the unstable `apollo-server-fastify` version `^3.0.0-alpha.3` or temporarily choose express instead.
 
 #### Adapter