From b96ae86de277e38dbfebbf6a352e3b991f9382a8 Mon Sep 17 00:00:00 2001 From: Matt Gibson Date: Fri, 11 Nov 2022 09:07:34 -0500 Subject: [PATCH] Expand serve origin protection warning (#4024) This warning was kept vague during fix rollout, but now that we're more than a release past, we can expand the explanation. --- apps/cli/src/program.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/cli/src/program.ts b/apps/cli/src/program.ts index 31a8005bb4..f80a87068b 100644 --- a/apps/cli/src/program.ts +++ b/apps/cli/src/program.ts @@ -478,7 +478,7 @@ export class Program extends BaseProgram { .option("--port ", "The port to run your API webserver on.") .option( "--disable-origin-protection", - "If set, allows requests with origin header. Not recommended!" + "If set, allows requests with origin header. Warning, this option exists for backwards compatibility reasons and exposes your environment to known CSRF attacks." ) .on("--help", () => { writeLn("\n Notes:");