From fd8e4c6bfa2fd687a3c62f8428e00f3b320c32c2 Mon Sep 17 00:00:00 2001
From: Alexandre Bodin
Date: Wed, 24 Aug 2022 15:47:43 +0200
Subject: [PATCH] Add check in security middleware
---
 packages/core/strapi/lib/middlewares/security.js | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/packages/core/strapi/lib/middlewares/security.js b/packages/core/strapi/lib/middlewares/security.js
index 88dc7dedf8..6527d59276 100644
--- a/packages/core/strapi/lib/middlewares/security.js
+++ b/packages/core/strapi/lib/middlewares/security.js
@@ -35,13 +35,14 @@ module.exports = (config, { strapi }) => (ctx, next) => {
 let helmetConfig = defaultsDeep(defaults, config);
- const { config: gqlConfig } = strapi.plugin('graphql');
- const gqlEndpoint = gqlConfig('endpoint');
+ const specialPaths = ['/documentation'];

- if (
- ctx.method === 'GET' &&
- [gqlEndpoint, '/documentation'].some((str) => ctx.path.startsWith(str))
- ) {
+ if (strapi.plugin('graphql')) {
+ const { config: gqlConfig } = strapi.plugin('graphql');
+ specialPaths.push(gqlConfig('endpoint'));
+ }
+
+ if (ctx.method === 'GET' && specialPaths.some((str) => ctx.path.startsWith(str))) {
 helmetConfig = merge(helmetConfig, {
 contentSecurityPolicy: {
 directives: {
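Review bot: The path test `specialPaths.some((str) => ctx.path.startsWith(str))` is a bare prefix match, so the `contentSecurityPolicy` override merged below it applies to any GET route whose path merely begins with `/documentation` or the GraphQL endpoint, not only to those two UIs. Matching on a path-segment boundary keeps the override scoped: `specialPaths.some((p) => ctx.path === p || ctx.path.startsWith(p + '/'))`. The value pushed from `gqlConfig('endpoint')` is also used unchecked; an empty string would match every request, so I would push it only when it is a non-empty string. The middleware body and the directives being merged continue past the end of the hunk, so how far the policy is loosened cannot be judged from these lines.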