diff --git a/server/app.js b/server/app.js
index 83a00c011b62ae0a3539052a706d6c4b0bec786e..0b3034d47e51c7b31f1370ba44d52d3269279055 100644
--- a/server/app.js
+++ b/server/app.js
@@ -49,7 +49,12 @@ const configureApp = app => {
 
   app.use(bodyParser.urlencoded({ extended: false }))
   app.use(cookieParser())
-  app.use(helmet())
+  app.use(
+    helmet({
+      contentSecurityPolicy:
+        process.env.NODE_ENV === 'production' ? undefined : false, // Disable contentSecurityPolicy for non-prod use, so GraphQl Playground works
+    }),
+  )
   app.use(express.static(path.resolve('.', '_build')))
 
   app.use('/public', express.static(path.resolve(__dirname, '../public')))