Diffstat (limited to 'actioncable/README.md')
-rw-r--r-- actioncable/README.md 13
1 files changed, 9 insertions, 4 deletions
diff --git a/actioncable/README.md b/actioncable/README.md
index 30b86edd2e..8ad9aeb1f1 100644
--- a/actioncable/README.md
+++ b/actioncable/README.md
@@ -326,7 +326,10 @@ Rails.application.paths.add "config/cable", with: "somewhere/else/cable.yml"
### Allowed Request Origins
-Action Cable will only accept requests from specified origins, which are passed to the server config as an array. The origins can be instances of strings or regular expressions, against which a check for match will be performed.
+Action Cable will only accept requests from specific origins.
+
+By default, only an origin matching the cable server itself will be permitted.
+Additional origins can be specified using strings or regular expressions, provided in an array.
```ruby
Rails.application.config.action_cable.allowed_request_origins = ['http://rubyonrails.com', /http:\/\/ruby.*/]
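Review bot: The added sentence "By default, only an origin matching the cable server itself will be permitted." does not say what the request origin is compared against. The sentence removed further down in this patch named the HTTP HOST header; carrying that detail over would tell readers that the default check depends on the Host header the server receives. Also, the unchanged example below the new text uses the unanchored pattern /http:\/\/ruby.*/, which matches any origin containing http://ruby. Since the paragraph now presents this array as the way to add trusted origins, consider showing an anchored pattern (\A ... \z) in the example.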
@@ -334,15 +337,17 @@ Rails.application.config.action_cable.allowed_request_origins = ['http://rubyonr
When running in the development environment, this defaults to "http://localhost:3000".
-To disable and allow requests from any origin:
+To disable protection and allow requests from any origin:
```ruby
Rails.application.config.action_cable.disable_request_forgery_protection = true
```
-It is also possible to allow origins that are starting with the actual HTTP HOST header:
+To disable automatic access for same-origin requests, and strictly allow
+only the configured origins:
+
```ruby
-Rails.application.config.action_cable.allow_same_origin_as_host = true
+Rails.application.config.action_cable.allow_same_origin_as_host = false
```
### Consumer Configuration
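Review bot: The paragraph introducing `allow_same_origin_as_host = false` never states the setting's default value; the reader has to infer it from "To disable automatic access for same-origin requests". Suggest saying explicitly that it defaults to true and that setting it to false leaves `allowed_request_origins` as the only accepted list. In the same hunk, the unchanged line "When running in the development environment, this defaults to "http://localhost:3000"." is left as is, and with the new same-origin default described above it, "this" no longer has a clear referent; it should name `allowed_request_origins`.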