From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Sun, 4 Feb 2024 22:20:48 +0000 (-0800)
Subject: Documentation: Make remote-user warning clearer, maybe
X-Git-Tag: v2.5.0~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=607adf44f3fc609d2d49495468a61306d2fb0bd5;p=thirdparty%2Fpaperless-ngx.git

Documentation: Make remote-user warning clearer, maybe
---

diff --git a/docs/configuration.md b/docs/configuration.md
index b681986195..f5ffbf9b01 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -452,11 +452,12 @@ applications.
 
         This will allow authentication by simply adding a
         `Remote-User: <username>` header to a request. Use with care! You
-        especially *must:   ensure that any such header is not passed from
-        your proxy server to paperless.
+        especially *must* ensure that any such header is not passed from
+        external requests to your reverse-proxy to paperless (that would
+        effectively bypass all authentication).
 
-        If you're exposing paperless to the internet directly, do not use
-        this.
+        If you're exposing paperless to the internet directly (i.e.
+        without a reverse proxy), do not use this.
 
         Also see the warning [in the official documentation](https://docs.djangoproject.com/en/4.1/howto/auth-remote-user/#configuration).