improve incorrect/lacking doc #5390
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Murderlon
reviewed
Aug 5, 2024
| - Setting the `corsOrigin` (`COMPANION_CLIENT_ORIGINS`) option is now required. | ||
| You should define the list of origins you expect your app to be served from, | ||
| otherwise it can be impersonated from a different origin you don’t control. | ||
| Set it to `true` if you don’t care about impersonating. |
There was a problem hiding this comment.
I feel like "impersonating" is unclear and it's not implicit that your API keys can be abused. Would be better to rewrite to illustrate the severity.
There was a problem hiding this comment.
feel free to suggest a rewrite
There was a problem hiding this comment.
It was there before this PR, it seems fine to merge as is
github-actions bot
added a commit
that referenced
this pull request
Aug 16, 2024
| Package | Version | Package | Version | | ---------------------- | ------- | ---------------------- | ------- | | @uppy/aws-s3 | 4.0.3 | @uppy/provider-views | 4.0.1 | | @uppy/companion | 5.0.5 | @uppy/status-bar | 4.0.2 | | @uppy/companion-client | 4.0.1 | @uppy/transloadit | 4.0.2 | | @uppy/core | 4.1.1 | @uppy/tus | 4.0.1 | | @uppy/dashboard | 4.0.3 | @uppy/utils | 6.0.2 | | @uppy/drag-drop | 4.0.2 | @uppy/vue | 2.0.1 | | @uppy/file-input | 4.0.1 | uppy | 4.1.1 | | @uppy/image-editor | 3.0.1 | | | - @uppy/transloadit: fix issue with `allowMultipleUploadBatches` (Mikael Finstad / #5400) - meta: Bump elliptic from 6.5.5 to 6.5.7 (dependabot[bot] / #5410) - meta: add back patch for `p-queue` (Antoine du Hamel / #5409) - @uppy/transloadit: fix many lurking `TypeError` (Mikael Finstad / #5399) - docs: improve `corsOrigins` documentation (Mikael Finstad / #5390) - docs: add `ViewEncapsulation` to Angular example (Aaron Russell / #5395) - @uppy/companion: fix code for custom providers (Mikael Finstad / #5398) - docs: add note about throwing in `cancelAll` and `destroy()` (Mikael Finstad / #5408) - meta: Bump docker/login-action from 3.2.0 to 3.3.0 (dependabot[bot] / #5372) - meta: Bump docker/setup-qemu-action from 3.1.0 to 3.2.0 (dependabot[bot] / #5370) - docs: make hosted Companion more clear (Merlijn Vos / #5394) - meta: Bump docker/build-push-action from 6.4.1 to 6.6.1 (dependabot[bot] / #5403) - meta: bump p-queue to latest, remove patch (Mikael Finstad / #5391) - meta: enforce `.ts` extension for relative import types (Antoine du Hamel / #5393) - @uppy/tus: Fix onShouldRetry type signature (Trent Nadeau / #5387) - @uppy/dashboard,@uppy/drag-drop,@uppy/file-input: Transform the `accept` prop into a string everywhere (Evgenia Karunus / #5380) - docs: fix getTemporarySecurityCredentials in aws-s3 (Merlijn Vos / #5363)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.