From 64dfc41d563afe3c66402f7906c902800d0a3ac6 Mon Sep 17 00:00:00 2001 From: Jacob Walls Date: Tue, 31 Mar 2026 15:43:18 -0400 Subject: [6.0.x] Fixed #36862 -- Doc'd the need for a proxy when deploying RemoteUserMiddleware under ASGI. We have a flood of nuisance security reports describing ASGI deployments using RemoteUserMiddleware without a fronting proxy, which is not realistic. Backport of 2ee757ee502d5663f932dc5c35175c39af4640ce from main. --- docs/ref/middleware.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/ref') diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt index 29e8f7b941..9fdc54264c 100644 --- a/docs/ref/middleware.txt +++ b/docs/ref/middleware.txt @@ -580,7 +580,7 @@ Middleware for utilizing web server provided authentication. See Middleware for utilizing web server provided authentication when enabled only on the login page. See :ref:`persistent-remote-user-middleware-howto` for usage -details. +details, including security considerations. CSRF protection middleware -------------------------- -- cgit v1.3