mirror of
https://github.com/robertwayne/axum-htmx
synced 2024-11-26 05:09:35 +01:00
Update README.md
This commit is contained in:
parent
8befd4414b
commit
4aa5cd299d
1 changed files with 6 additions and 0 deletions
|
@ -58,6 +58,12 @@ for the `HX-Request` header. This will return a `403: Forbidden` response if the
|
|||
header is not present, which is useful if you want to make an entire router, say
|
||||
`/api`, only accessible via htmx requests.
|
||||
|
||||
_It should be noted that this is NOT a replacement for authentication. A user
|
||||
can trivially set the `HX-Request` header themselves. This is merely a
|
||||
convenience for preventing users from receiving partial responses without full
|
||||
context. If you need to secure an endpoint, you should be using a proper
|
||||
authentication system._
|
||||
|
||||
## Example: Extractors
|
||||
|
||||
In this example, we'll look for the `HX-Boosted` header, which is set when
|
||||
|
|
Loading…
Reference in a new issue