Documentation: Make remote-user warning clearer, maybe

author shamoon <4887959+shamoon@users.noreply.github.com>

Sun, 4 Feb 2024 22:20:48 +0000 (14:20 -0800)

committer shamoon <4887959+shamoon@users.noreply.github.com>

Sun, 4 Feb 2024 22:20:48 +0000 (14:20 -0800)
author shamoon <4887959+shamoon@users.noreply.github.com>
Sun, 4 Feb 2024 22:20:48 +0000 (14:20 -0800)
committer shamoon <4887959+shamoon@users.noreply.github.com>
Sun, 4 Feb 2024 22:20:48 +0000 (14:20 -0800)
diff --git a/docs/configuration.md b/docs/configuration.md

index b681986195dcbffc17ec41ad20f445fba8edfe19..f5ffbf9b01293e5df388b9c6f76f4b0c39b867e5 100644 (file)
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -452,11 +452,12 @@ applications.
  
          This will allow authentication by simply adding a
          `Remote-User: <username>` header to a request. Use with care! You
-        especially *must:   ensure that any such header is not passed from
-        your proxy server to paperless.
+        especially *must* ensure that any such header is not passed from
+        external requests to your reverse-proxy to paperless (that would
+        effectively bypass all authentication).
  
-        If you're exposing paperless to the internet directly, do not use
-        this.
+        If you're exposing paperless to the internet directly (i.e.
+        without a reverse proxy), do not use this.
  
          Also see the warning [in the official documentation](https://docs.djangoproject.com/en/4.1/howto/auth-remote-user/#configuration).
author	shamoon <4887959+shamoon@users.noreply.github.com>
	Sun, 4 Feb 2024 22:20:48 +0000 (14:20 -0800)
committer	shamoon <4887959+shamoon@users.noreply.github.com>
	Sun, 4 Feb 2024 22:20:48 +0000 (14:20 -0800)