Ive added helmet.js to my server however when I look in the network tab in the first document has “X-Powered-By: Express” in the response header, so I think this means it’s not working properly? Does my code look OK? Thanks

const { GraphQLServer } = require('graphql-yoga');
const { Prisma } = require('prisma-binding');
const resolvers = require('./resolvers');
const authoriseToken = require('./other/auth');
const helmet = require('helmet');

const server = new GraphQLServer({
  typeDefs: './src/schema.graphql',
  resolvers,
  context: req => ({
    ...req,
    db: new Prisma({
      typeDefs: 'src/generated/prisma.graphql', // the auto-generated GraphQL schema of the Prisma API
      endpoint: process.env.PRISMA_ENDPOINT, // the endpoint of the Prisma API (value set in `.env`)
      debug: true, // log all GraphQL queries & mutations sent to the Prisma API
      // secret: process.env.PRISMA_SECRET, // only needed if specified in `database/prisma.yml` (value set in `.env`)
    }),
  }),
});

server.use(helmet());

<http://server.express.post|server.express.post>('*', authoriseToken);

server.start(() => console.log('Server is running on <http://localhost:4000'>));

@Jim I see you have server.express.post but you dont do the same for helmet. It should be server.express.use(helmet()) https://github.com/prismagraphql/graphql-yoga#how-to-eject-from-the-standard-express-setup

Ive tried

server.express.use(helmet());

and

<http://server.express.post|server.express.post>('*', helmet(), authoriseToken);

but neither seem to work