A note about security tokens

Author: filiptronicek

README.md

@@ -28,6 +28,9 @@ docker run -it --init -p 3000:3000 -v "$(pwd):/home/workspace:cached" gitpod/ope
 ```
 - Visit the URL printed in your terminal. Just going to port 3000 won't work, because VS Code requires that you provide a uniquely generated security token to prevent unauthorized access.
 
+#### A note about security tokens
+Since OpenVSCode Server v1.62, you must access the Web UI using a connection token generated by the server. If that's not what you're looking for, and instead want to generate these tokens by yourself, start the server with `--connectionToken YOUR_TOKEN` to force your secret to be used. If you want your development environment to be even more secure, create a plaintext file with the desired token as its contents and provide it to the server with `--connection-secret YOUR_SECRET_FILE`.
+
 _Note_: Feel free to use the `nightly` tag to test the latest version, i.e. `gitpod/openvscode-server:nightly`.
 
 #### Custom Environment
@@ -52,7 +55,7 @@ tar -xzf openvscode-server-v${OPENVSCODE_SERVER_VERSION}.tar.gz
 cd openvscode-server-v${OPENVSCODE_SERVER_VERSION}
 ./server.sh
 ```
-- Visit the URL printed in your terminal. Just going to port 3000 won't work, because VS Code requires that you provide a uniquely generated security token to prevent unauthorized access. 
+- Visit the URL printed in your terminal. Just going to port 3000 won't work, because VS Code requires that you provide a uniquely generated security token to prevent unauthorized access.
 
 _Note_: You can use [pre-releases](https://github.com/gitpod-io/openvscode-server/releases) to test nightly changes.