From be8ba189372f96d87abd22f85a6768ac936d91f2 Mon Sep 17 00:00:00 2001
From: Henrique Dias <mail@hacdias.com>
Date: Thu, 12 Mar 2026 07:59:20 +0100
Subject: [PATCH] docs: add notice on proxy

---
 www/docs/authentication.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/docs/authentication.md b/www/docs/authentication.md
index 75270f8c..4308b01c 100644
--- a/www/docs/authentication.md
+++ b/www/docs/authentication.md
@@ -38,7 +38,7 @@ Where `X-My-Header` is the HTTP header provided by your proxy with the username.
 
 > [!WARNING]
 > 
-> File Browser will blindly trust the provided header. If the proxy can be bypassed, an attacker could simply attach the header and get admin access.
+> File Browser will blindly trust the provided header. If the proxy can be bypassed, an attacker could simply attach the header and get admin access. Please ensure that File Browser is not accessible from untrusted networks, and that the proxy is correctly configured to strip/overwrite the header from client requests.
 
 ## Hook Authentication