diff --git a/config/routes.rb b/config/routes.rb
index 484b9a2f..9dc27416 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,12 +3,10 @@
     get 'current_user/create'
   end
 
-  # if Rails.env.development?
-    mount GraphiQL::Rails::Engine, at: "/graphiql", graphql_path: "/graphql", constraints: lambda { |request|
-      # only allow authenticated users
-      Passwordless::Session.exists?(id: request.session[:"passwordless_session_id--user"])
-    }
-  # end
+  mount GraphiQL::Rails::Engine, at: "/graphiql", graphql_path: "/graphql", constraints: lambda { |request|
+    # only allow authenticated users, otherwise 404
+    Passwordless::Session.exists?(id: request.session[:"passwordless_session_id--user"])
+  }
 
   post "/graphql", to: "graphql#execute"