Documentation: Make remote-user warning clearer, maybe

This commit is contained in:
shamoon 2024-02-04 14:20:48 -08:00
parent 421a87c94b
commit 607adf44f3

View File

@ -452,11 +452,12 @@ applications.
This will allow authentication by simply adding a
`Remote-User: <username>` header to a request. Use with care! You
especially *must: ensure that any such header is not passed from
your proxy server to paperless.
especially *must* ensure that any such header is not passed from
external requests to your reverse-proxy to paperless (that would
effectively bypass all authentication).
If you're exposing paperless to the internet directly, do not use
this.
If you're exposing paperless to the internet directly (i.e.
without a reverse proxy), do not use this.
Also see the warning [in the official documentation](https://docs.djangoproject.com/en/4.1/howto/auth-remote-user/#configuration).