From 3a4911135d79936e3e561b3ad5948fd82b0efe10 Mon Sep 17 00:00:00 2001
From: Armand Philippot <git@armand.philippot.eu>
Date: Mon, 16 Sep 2024 21:55:34 +0200
Subject: [PATCH] docs: update `security.checkOrigin` JSDoc comment

---
 .changeset/fresh-pandas-drive.md          |  5 +++++
 packages/astro/src/types/public/config.ts | 10 +++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)
 create mode 100644 .changeset/fresh-pandas-drive.md

diff --git a/.changeset/fresh-pandas-drive.md b/.changeset/fresh-pandas-drive.md
new file mode 100644
index 000000000000..5240ecb9328e
--- /dev/null
+++ b/.changeset/fresh-pandas-drive.md
@@ -0,0 +1,5 @@
+---
+'astro': patch
+---
+
+Fixes a type and an example in documenting the `security.checkOrigin` property of Astro config.
diff --git a/packages/astro/src/types/public/config.ts b/packages/astro/src/types/public/config.ts
index d83872cce558..257f1ffc10d3 100644
--- a/packages/astro/src/types/public/config.ts
+++ b/packages/astro/src/types/public/config.ts
@@ -442,8 +442,8 @@ export interface AstroUserConfig {
 	/**
 	 * @docs
 	 * @name security
-	 * @type {boolean}
-	 * @default `{}`
+	 * @type {Record<"checkOrigin", boolean> | undefined}
+	 * @default `{checkOrigin: true}`
 	 * @version 4.9.0
 	 * @description
 	 *
@@ -451,12 +451,16 @@ export interface AstroUserConfig {
 	 *
 	 * These features only exist for pages rendered on demand (SSR) using `server` mode or pages that opt out of prerendering in `static` mode.
 	 *
+	 * By default, Astro will automatically check that the “origin” header
+	 * matches the URL sent by each request in on-demand rendered pages. You can
+	 * disable this behavior by setting `checkOrigin` to `false`:
+	 *
 	 * ```js
 	 * // astro.config.mjs
 	 * export default defineConfig({
 	 *   output: "server",
 	 *   security: {
-	 *     checkOrigin: true
+	 *     checkOrigin: false
 	 *   }
 	 * })
 	 * ```