mirror of
https://github.com/robertwayne/axum-htmx
synced 2024-12-28 19:29:33 +01:00
Update README.md
This commit is contained in:
parent
4aa5cd299d
commit
d7f78687fe
1 changed files with 4 additions and 5 deletions
|
@ -58,11 +58,10 @@ for the `HX-Request` header. This will return a `403: Forbidden` response if the
|
|||
header is not present, which is useful if you want to make an entire router, say
|
||||
`/api`, only accessible via htmx requests.
|
||||
|
||||
_It should be noted that this is NOT a replacement for authentication. A user
|
||||
can trivially set the `HX-Request` header themselves. This is merely a
|
||||
convenience for preventing users from receiving partial responses without full
|
||||
context. If you need to secure an endpoint, you should be using a proper
|
||||
authentication system._
|
||||
_It should be noted that this is NOT a replacement for an auth guard. A user can
|
||||
trivially set the `HX-Request` header themselves. This is merely a convenience
|
||||
for preventing users from receiving partial responses without context. If you
|
||||
need to secure an endpoint, you should be using a proper auth system._
|
||||
|
||||
## Example: Extractors
|
||||
|
||||
|
|
Loading…
Reference in a new issue