From feb88ec66b387e86ac80ee99572c7e172353b2e7 Mon Sep 17 00:00:00 2001
From: Gyuho Lee <gyuhox@gmail.com>
Date: Mon, 26 Mar 2018 18:25:47 -0700
Subject: [PATCH] embed: update "HostWhitelist" godoc

Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
---
 embed/config.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/embed/config.go b/embed/config.go
index 6549d1f7e..b654503c0 100644
--- a/embed/config.go
+++ b/embed/config.go
@@ -186,10 +186,10 @@ type Config struct {
 	// Note that the client origin policy is enforced whether authentication
 	// is enabled or not, for tighter controls.
 	//
-	// By default, "HostWhitelist" is empty or "*", which allows any hostnames.
+	// By default, "HostWhitelist" is "*", which allows any hostnames.
 	// Note that when specifying hostnames, loopback addresses are not added
-	// automatically. To allow loopback interfaces, leave it empty or add them
-	// to whitelist manually (e.g. "localhost", "127.0.0.1", etc.).
+	// automatically. To allow loopback interfaces, leave it empty or set it "*",
+	// or add them to whitelist manually (e.g. "localhost", "127.0.0.1", etc.).
 	//
 	// CVE-2018-5702 reference:
 	// - https://bugs.chromium.org/p/project-zero/issues/detail?id=1447#c2