Improve companionAllowedHosts doc

docs/companion.md

@@ -22,9 +22,10 @@ OAuth.
 ## When should I use it?
 
 If you want to let users download files from [Box][], [Dropbox][], [Facebook][],
-[Google Drive][googledrive], [Google Photos][googlephotos], [Instagram][],
-[OneDrive][], [Unsplash][], [Import from URL][url], or [Zoom][] — you need
-Companion.
+[Google Drive][googledrive], [Google Photos][googlephotos], [Google Drive
+Picker][googledrivepicker], [Google Photos Picker][googlephotospicker],
+[Instagram][], [OneDrive][], [Unsplash][], [Import from URL][url], or [Zoom][] —
+you need Companion.
 
 Companion supports the same [uploaders](/docs/guides/choosing-uploader) as Uppy:
 [Tus](/docs/tus), [AWS S3](/docs/aws-s3), and [regular multipart](/docs/tus).
@@ -721,6 +722,11 @@ as well as
 Set this to `true` to enable the [URL functionalily](https://uppy.io/docs/url/).
 Default: `false`.
 
+#### `enableGooglePickerEndpoint` `COMPANION_ENABLE_GOOGLE_PICKER_ENDPOINT`
+
+Set this to `true` to enable the Google Picker (Photos / Drive) functionality.
+Default: `false`.
+
 ### Events
 
 The object returned by `companion.app()` also has a property `companionEmitter`
@@ -981,6 +987,8 @@ automatically restart when files are changed.
 [facebook]: /docs/facebook
 [googledrive]: /docs/google-drive
 [googlephotos]: /docs/google-photos
+[googledrivepicker]: /docs/google-drive-picker
+[googlephotospicker]: /docs/google-photos-picker
 [instagram]: /docs/instagram
 [onedrive]: /docs/onedrive
 [unsplash]: /docs/unsplash

docs/sources/companion-plugins/_companion-options.mdx

@@ -0,0 +1,79 @@
+#### `id`
+
+A unique identifier for this plugin (`string`, default is a unique ID for each
+plugin).
+
+#### `title`
+
+Title / name shown in the UI, such as Dashboard tabs (`string`, default is the
+name of the plugin).
+
+#### `target`
+
+DOM element, CSS selector, or plugin to place the drag and drop area into
+(`string`, `Element`, `Function`, or `UIPlugin`, default:
+[`Dashboard`](/docs/dashboard)).
+
+#### `companionUrl`
+
+URL to a [Companion](/docs/companion) instance (`string`, default: `null`).
+
+#### `companionHeaders`
+
+Custom headers that should be sent along to [Companion](/docs/companion) on
+every request (`Object`, default: `{}`).
+
+#### `companionAllowedHosts`
+
+The valid and authorised URL(s) from which OAuth responses should be accepted
+(`string` or `RegExp` or `Array`, default: `companionUrl`). This option is
+useful when you have your [Companion](/docs/companion) running on several hosts.
+Otherwise, the default value should do fine, which uses the origin of
+`companionUrl`.
+
+This value can be a `string`, a `RegExp` pattern, or an `Array` of these.
+Strings are evaluated as regular expressions too and will be wrapped in a RegExp
+like so:
+
+```js
+new RegExp(`^${value}$`);
+```
+
+**Important:** You must escape regex characters like `.`, or you might open your
+app up to security vulnerabilities.
+
+- Example correct strings
+  - `'^(?:.*\\.)?example\.com$'` matches `example.com` and all of its
+    subdomains.
+  - `'https://example\.com'` matches `https://example.com` only.
+- Example vulnerability: `'https://www.example.com'` would allow an attacker
+  with the domain `wwwxexample.com` to forge and inject a fraudulent token into
+  Uppy.
+
+#### `companionCookiesRule`
+
+This option correlates to the
+[RequestCredentials value](https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials)
+(`string`, default: `'same-origin'`).
+
+This tells the plugin whether to send cookies to [Companion](/docs/companion).
+
+#### `locale`
+
+An object with `strings` property containing additional i18n strings. The key is
+the i18n key and the value is the English string.
+
+Example:
+
+```js
+{
+	strings: {
+		someKey: 'Some English string',
+	},
+}
+```
+
+#### `storage`
+
+A custom storage to be used for the plugin’s persistent data. Type `AsyncStore`,
+default is `LocalStorage`.

docs/sources/companion-plugins/box.mdx

@@ -6,6 +6,7 @@ import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 
 import UppyCdnExample from '/src/components/UppyCdnExample';
+import CompanionOptions from './_companion-options.mdx';
 
 # Box
 
@@ -171,56 +172,7 @@ companion.app({
 
 ### Options
 
-#### `id`
-
-A unique identifier for this plugin (`string`, default: `'Box'`).
-
-#### `title`
-
-Title / name shown in the UI, such as Dashboard tabs (`string`, default:
-`'Box'`).
-
-#### `target`
-
-DOM element, CSS selector, or plugin to place the drag and drop area into
-(`string`, `Element`, `Function`, or `UIPlugin`, default:
-[`Dashboard`](/docs/dashboard)).
-
-#### `companionUrl`
-
-URL to a [Companion](/docs/companion) instance (`string`, default: `null`).
-
-#### `companionHeaders`
-
-Custom headers that should be sent along to [Companion](/docs/companion) on
-every request (`Object`, default: `{}`).
-
-#### `companionAllowedHosts`
-
-The valid and authorised URL(s) from which OAuth responses should be accepted
-(`string` or `RegExp` or `Array`, default: `companionUrl`).
-
-This value can be a `string`, a `RegExp` pattern, or an `Array` of both. This is
-useful when you have your [Companion](/docs/companion) running on several hosts.
-Otherwise, the default value should do fine.
-
-#### `companionCookiesRule`
-
-This option correlates to the
-[RequestCredentials value](https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials)
-(`string`, default: `'same-origin'`).
-
-This tells the plugin whether to send cookies to [Companion](/docs/companion).
-
-#### `locale`
-
-```js
-export default {
-	strings: {
-		pluginNameBox: 'Box',
-	},
-};
-```
+<CompanionOptions />
 
 [template-credentials]:
 	https://transloadit.com/docs/#how-to-create-template-credentials

docs/sources/companion-plugins/dropbox.mdx

@@ -6,6 +6,7 @@ import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 
 import UppyCdnExample from '/src/components/UppyCdnExample';
+import CompanionOptions from './_companion-options.mdx';
 
 # Dropbox
 
@@ -171,56 +172,7 @@ companion.app({
 
 ### Options
 
-#### `id`
-
-A unique identifier for this plugin (`string`, default: `'Dropbox'`).
-
-#### `title`
-
-Title / name shown in the UI, such as Dashboard tabs (`string`, default:
-`'Dropbox'`).
-
-#### `target`
-
-DOM element, CSS selector, or plugin to place the drag and drop area into
-(`string`, `Element`, `Function`, or `UIPlugin`, default:
-[`Dashboard`](/docs/dashboard)).
-
-#### `companionUrl`
-
-URL to a [Companion](/docs/companion) instance (`string`, default: `null`).
-
-#### `companionHeaders`
-
-Custom headers that should be sent along to [Companion](/docs/companion) on
-every request (`Object`, default: `{}`).
-
-#### `companionAllowedHosts`
-
-The valid and authorised URL(s) from which OAuth responses should be accepted
-(`string` or `RegExp` or `Array`, default: `companionUrl`).
-
-This value can be a `string`, a `RegExp` pattern, or an `Array` of both. This is
-useful when you have your [Companion](/docs/companion) running on several hosts.
-Otherwise, the default value should do fine.
-
-#### `companionCookiesRule`
-
-This option correlates to the
-[RequestCredentials value](https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials)
-(`string`, default: `'same-origin'`).
-
-This tells the plugin whether to send cookies to [Companion](/docs/companion).
-
-#### `locale`
-
-```js
-export default {
-	strings: {
-		pluginNameDropbox: 'Dropbox',
-	},
-};
-```
+<CompanionOptions />
 
 [template-credentials]:
 	https://transloadit.com/docs/#how-to-create-template-credentials

docs/sources/companion-plugins/facebook.mdx

@@ -6,6 +6,7 @@ import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 
 import UppyCdnExample from '/src/components/UppyCdnExample';
+import CompanionOptions from './_companion-options.mdx';
 
 # Facebook
 
@@ -168,56 +169,7 @@ companion.app({
 
 ### Options
 
-#### `id`
-
-A unique identifier for this plugin (`string`, default: `'Facebook'`).
-
-#### `title`
-
-Title / name shown in the UI, such as Dashboard tabs (`string`, default:
-`'Facebook'`).
-
-#### `target`
-
-DOM element, CSS selector, or plugin to place the drag and drop area into
-(`string`, `Element`, `Function`, or `UIPlugin`, default:
-[`Dashboard`](/docs/dashboard)).
-
-#### `companionUrl`
-
-URL to a [Companion](/docs/companion) instance (`string`, default: `null`).
-
-#### `companionHeaders`
-
-Custom headers that should be sent along to [Companion](/docs/companion) on
-every request (`Object`, default: `{}`).
-
-#### `companionAllowedHosts`
-
-The valid and authorised URL(s) from which OAuth responses should be accepted
-(`string` or `RegExp` or `Array`, default: `companionUrl`).
-
-This value can be a `string`, a `RegExp` pattern, or an `Array` of both. This is
-useful when you have your [Companion](/docs/companion) running on several hosts.
-Otherwise, the default value should do fine.
-
-#### `companionCookiesRule`
-
-This option correlates to the
-[RequestCredentials value](https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials)
-(`string`, default: `'same-origin'`).
-
-This tells the plugin whether to send cookies to [Companion](/docs/companion).
-
-#### `locale`
-
-```js
-export default {
-	strings: {
-		pluginNameFacebook: 'Facebook',
-	},
-};
-```
+<CompanionOptions />
 
 [template-credentials]:
 	https://transloadit.com/docs/#how-to-create-template-credentials