Merge pull request #111 from nerdmaennchen/master

explicitly tell users that the www-authenticate header must be set on…
2019-10-22 16:58:16 +02:00
parent 3b06887cbd c766602618
commit 22715b079f
1 changed files with 2 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -136,6 +136,8 @@ BasicAuth

 Authenticate users by an [HTTP Basic access authentication][BasicAuth_0]  call.
 HTTP server of your choice to authenticate. It should return HTTP 2xx for correct credentials and an appropriate other error code for wrong ones or refused access.
+The HTTP server _must_ respond to any requests to the target URL with the "www-authenticate" header set. 
+Otherwise BasicAuth considers itself to be misconfigured or the HTTP server unfit for authentication.

 ### Configuration
 The only supported parameter is the URL of the web server where the authentication happens.