6 years ago · 3c605d1ab9
--- a/packages/@uppy/transloadit/src/index.js
+++ b/packages/@uppy/transloadit/src/index.js
@@ -129,7 +129,6 @@ module.exports = class Transloadit extends Plugin {
 
				       remote = {
			
 
				         ...file.remote,
			
 
				         serverUrl: newHost,
			
 
				-        serverPattern: ALLOWED_COMPANION_PATTERN,
			
 
				         url: `${newHost}/${path}`
			
 
				       }
			
 
				     }
			
@@ -699,3 +698,4 @@ module.exports = class Transloadit extends Plugin {
 
				 
			
 
				 module.exports.COMPANION = COMPANION
			
 
				 module.exports.UPPY_SERVER = COMPANION
			
 
				+module.exports.COMPANION_PATTERN = ALLOWED_COMPANION_PATTERN
			
--- a/website/src/docs/transloadit.md
+++ b/website/src/docs/transloadit.md
@@ -55,6 +55,7 @@ const Transloadit = require('@uppy/transloadit')
 
				 
			
 
				 uppy.use(Dropbox, {
			
 
				   serverUrl: Transloadit.COMPANION
			
 
				+  serverPattern: Transloadit.COMPANION_PATTERN
			
 
				 })
			
 
				 ```
			
 
				 
			
@@ -66,6 +67,24 @@ uppy.use(Dropbox, {
 
				 })
			
 
				 ```
			
 
				 
			
 
				+### `Transloadit.COMPANION_PATTERN`
			
 
				+
			
 
				+A RegExp pattern matching Transloadit's hosted companion endpoints. The pattern is used in remote provider `serverPattern` options, to ensure that third party authentication messages cannot be faked by an attacker's page, but can only originate from Transloadit's servers.
			
 
				+
			
 
				+Use it whenever you use `serverUrl: Transloadit.COMPANION`, like so:
			
 
				+
			
 
				+```js
			
 
				+const Dropbox = require('@uppy/dropbox')
			
 
				+const Transloadit = require('@uppy/transloadit')
			
 
				+
			
 
				+uppy.use(Dropbox, {
			
 
				+  serverUrl: Transloadit.COMPANION
			
 
				+  serverPattern: Transloadit.COMPANION_PATTERN
			
 
				+})
			
 
				+```
			
 
				+
			
 
				+The value of this constant covers _all_ Transloadit's Companion servers, so it does not need to be changed if you are using a custom [`service`](#service) option. However, if you are not using the Transloadit Companion servers at `*.transloadit.com`, make sure to set the `serverPattern` option to something that matches what you do use.
			
 
				+
			
 
				 ## Options
			
 
				 
			
 
				 The `@uppy/transloadit` plugin has the following configurable options:
			
--- a/website/src/examples/transloadit/app.es6
+++ b/website/src/examples/transloadit/app.es6
@@ -57,7 +57,11 @@ function initUppy () {
 
				       target: '#uppy-dashboard-container',
			
 
				       note: 'Images only, 1–2 files, up to 1 MB'
			
 
				     })
			
 
				-    .use(Instagram, { target: Dashboard, serverUrl: 'https://api2.transloadit.com/companion', serverPattern: /\.transloadit\.com$/  })
			
 
				+    .use(Instagram, {
			
 
				+      target: Dashboard,
			
 
				+      serverUrl: 'https://api2.transloadit.com/companion',
			
 
				+      serverPattern: Transloadit.COMPANION_PATTERN
			
 
				+    })
			
 
				     .use(Webcam, { target: Dashboard })
			
 
				 
			
 
				   uppy