feat-allow-multiple-origins

* update Readme

Author: Vitalii Tereshchenko

README.md

@@ -106,6 +106,13 @@ WebAuthn.configure do |config|
   # the User Agent during registration and authentication ceremonies.
   config.origin = "https://auth.example.com"
 
+  # For the case when a relying party has multiple origins (e.g. different subdomains, native client sending android:apk-key-hash:... like origins in clientDataJson, etc...), you can set the allowed origins instead of the single origin above
+  # config.allowed_origins = [
+  #   "https://auth.example.com",
+  #   "android:apk-key-hash:blablablablablalblalla"
+  # ]
+  # Note: in this case setting config.rp_id is mandatory
+
   # Relying Party name for display purposes
   config.rp_name = "Example Inc."