explicitly tell users that the www-authenticate header must be set on every response from the HTTP server

nerdmaennchen · nerdmaennchen · commit c76660261851 · 2019-10-22T19:55:19.000+08:00
Signed-off-by: Lutz Freitag &lt;lutz@gottliebtfreitag.de&gt;
diff --git a/README.md b/README.md
@@ -136,6 +136,8 @@ BasicAuth
 
 Authenticate users by an [HTTP Basic access authentication][BasicAuth_0]  call.
 HTTP server of your choice to authenticate. It should return HTTP 2xx for correct credentials and an appropriate other error code for wrong ones or refused access.
+The HTTP server _must_ respond to any requests to the target URL with the "www-authenticate" header set. 
+Otherwise BasicAuth considers itself to be misconfigured or the HTTP server unfit for authentication.
 
 ### Configuration
 The only supported parameter is the URL of the web server where the authentication happens.
