docs: update security.checkOrigin JSDoc comment

withastro · Sep 16, 2024 · 3a49111 · 3a49111
1 parent f10a3b7
commit 3a49111
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/.changeset/fresh-pandas-drive.md b/.changeset/fresh-pandas-drive.md
@@ -0,0 +1,5 @@
+---
+'astro': patch
+---
+
+Fixes a type and an example in documenting the `security.checkOrigin` property of Astro config.
diff --git a/packages/astro/src/types/public/config.ts b/packages/astro/src/types/public/config.ts
@@ -442,21 +442,25 @@ export interface AstroUserConfig {
 	/**
 	 * @docs
 	 * @name security
-	 * @type {boolean}
-	 * @default `{}`
+	 * @type {Record<"checkOrigin", boolean> | undefined}
+	 * @default `{checkOrigin: true}`
 	 * @version 4.9.0
 	 * @description
 	 *
 	 * Enables security measures for an Astro website.
 	 *
 	 * These features only exist for pages rendered on demand (SSR) using `server` mode or pages that opt out of prerendering in `static` mode.
 	 *
+	 * By default, Astro will automatically check that the “origin” header
+	 * matches the URL sent by each request in on-demand rendered pages. You can
+	 * disable this behavior by setting `checkOrigin` to `false`:
+	 *
 	 * ```js
 	 * // astro.config.mjs
 	 * export default defineConfig({
 	 *   output: "server",
 	 *   security: {
-	 *     checkOrigin: true
+	 *     checkOrigin: false
 	 *   }
 	 * })
 	 * ```