From 6ce3a9f3972b9bb0bbb6ad71a2c7e7f0bc4cad9e Mon Sep 17 00:00:00 2001
From: Mikael Finstad <finstaden@gmail.com>
Date: Thu, 15 Aug 2024 19:19:25 +0200
Subject: [PATCH] docs: improve `corsOrigins` documentation (#5390)

---
 docs/companion.md               | 16 ++++++++--------
 docs/guides/migration-guides.md |  8 ++++----
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/docs/companion.md b/docs/companion.md
index 5b26aea23a..e58c00a6ee 100644
--- a/docs/companion.md
+++ b/docs/companion.md
@@ -680,14 +680,15 @@ the
 for `postMessage` calls in the context of OAuth.
 
 Setting it to `true` treats any origin as a trusted one, making it easier to
-impersonate your brand. Setting it to `false` disables cross-origin supports,
-use this if you’re serving Companion and Uppy from the same domain name.
+impersonate your brand. Setting it to `false` disables cross-origin support, use
+this if you’re serving Companion and Uppy from the same domain name.
 
 ##### `COMPANION_CLIENT_ORIGINS`
 
-A comma-separated string of origins, or `'true'` (which will be interpreted as
-the boolean value `true`), or `'false'` (which will be interpreted as the
-boolean value `false`).
+Stand-alone alternative to the `corsOrigins` option. A comma-separated string of
+origins, or `'true'` (which will be interpreted as the boolean value `true`), or
+`'false'` (which will be interpreted as the boolean value `false`).
+`COMPANION_CLIENT_ORIGINS_REGEX` will be ignored if this option is used.
 
 ##### `COMPANION_CLIENT_ORIGINS_REGEX`
 
@@ -700,9 +701,8 @@ make sure you’re validating the entirety of the string.
 
 :::
 
-Like COMPANION_CLIENT_ORIGINS, but allows a single regex instead.
-`COMPANION_CLIENT_ORIGINS` will be ignored if this is used. This is a
-standalone-only option.
+Stand-alone alternative to the `corsOrigins` option. Like
+`COMPANION_CLIENT_ORIGINS`, but allows a single regex instead.
 
 #### `chunkSize` `COMPANION_CHUNK_SIZE`
 
diff --git a/docs/guides/migration-guides.md b/docs/guides/migration-guides.md
index 360be6af28..b8ba53799b 100644
--- a/docs/guides/migration-guides.md
+++ b/docs/guides/migration-guides.md
@@ -6,10 +6,10 @@ These cover all the major Uppy versions and how to migrate to them.
 
 - End-of-Life versions of Node.js are no longer supported (use latest 18.x LTS,
   20.x LTS, or 22.x current).
-- Setting the `corsOrigin` option is now required. You should define the list of
-  origins you expect your app to be served from, otherwise it can be
-  impersonated from a different origin you don’t control. Set it to `true` if
-  you don’t care about impersonating.
+- Setting the `corsOrigin` (`COMPANION_CLIENT_ORIGINS`) option is now required.
+  You should define the list of origins you expect your app to be served from,
+  otherwise it can be impersonated from a different origin you don’t control.
+  Set it to `true` if you don’t care about impersonating.
 - `COMPANION_REDIS_EXPRESS_SESSION_PREFIX` now defaults to `companion-session:`
   (before `sess:`). To revert keep backwards compatibility, set the environment
   variable `COMPANION_REDIS_EXPRESS_SESSION_PREFIX=sess:`.