docs: add api field example in the appset security doc

It seems like most of the work for the mentioned issue below is done under the PR argoproj#9466 but from the issue description, it's probably worth to mention the example as added here. Related argoproj#9352 Signed-off-by: Sahdev Zala <spzala@us.ibm.com>
spzala · Jul 24, 2022 · 96c25e3 · 96c25e3
1 parent e343d3b
commit 96c25e3
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/docs/operator-manual/applicationset/Security.md b/docs/operator-manual/applicationset/Security.md
@@ -11,8 +11,8 @@ resources of Argo CD itself (like the RBAC ConfigMap).
 ApplicationSets can also quickly create an arbitrary number of Applications and just as quickly delete them.
 
 Finally, ApplicationSets can reveal privileged information. For example, the [git generator](./Generators-Git.md) can
-read Secrets in the Argo CD namespace and send them to arbitrary URLs as auth headers. (This functionality is intended
-for authorizing requests to SCM providers like GitHub, but it could be abused by a malicious user.)
+read Secrets in the Argo CD namespace and send them to arbitrary URLs (e.g. URL provided for the `api` field) as auth headers.
+(This functionality is intended for authorizing requests to SCM providers like GitHub, but it could be abused by a malicious user.)
 
 For these reasons, **only admins** may be given permission (via Kubernetes RBAC or any other mechanism) to create, 
 update, or delete ApplicationSets.