From 04774a3c093b4b0ffdd5f02f2477ad628b63d46f Mon Sep 17 00:00:00 2001
From: Vitalii Tereshchenko <vitalii.tereshchenko@kaiahealth.com>
Date: Mon, 9 Sep 2024 14:29:00 +0200
Subject: [PATCH] feat-allow-multiple-origins * update Readme

---
 README.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/README.md b/README.md
index 65fd6f42..bfc14253 100644
--- a/README.md
+++ b/README.md
@@ -106,6 +106,13 @@ WebAuthn.configure do |config|
   # the User Agent during registration and authentication ceremonies.
   config.origin = "https://auth.example.com"
 
+  # For the case when a relying party has multiple origins (e.g. different subdomains, native client sending android:apk-key-hash:... like origins in clientDataJson, etc...), you can set the allowed origins instead of the single origin above
+  # config.allowed_origins = [
+  #   "https://auth.example.com",
+  #   "android:apk-key-hash:blablablablablalblalla"
+  # ]
+  # Note: in this case setting config.rp_id is mandatory
+
   # Relying Party name for display purposes
   config.rp_name = "Example Inc."