clarify docstring

Arize-ai · Oct 9, 2024 · c84977e · c84977e
1 parent 7cf0362
commit c84977e
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/phoenix/config.py b/src/phoenix/config.py
@@ -109,8 +109,11 @@
 """
 ENV_PHOENIX_CSRF_TRUSTED_ORIGINS = "PHOENIX_CSRF_TRUSTED_ORIGINS"
 """
-A comma-separated list of origins that are allowed to bypass Cross-Site Request Forgery (CSRF)
-protection. This is recommended when setting up OAuth2 clients or sending password reset emails.
+A comma-separated list of origins allowed to bypass Cross-Site Request Forgery (CSRF)
+protection. This setting is recommended when configuring OAuth2 clients or sending
+password reset emails. If this variable is left unspecified or contains no origins, CSRF
+protection will not be enabled. In such cases, when a request includes `origin` or `referer`
+headers, those values will not be validated.
 """
 
 # SMTP settings