From 831bd083c2ac8fb5ec098459a45a22578ad4f8d4 Mon Sep 17 00:00:00 2001 From: Dan Milne Date: Fri, 24 Oct 2025 12:02:38 +1100 Subject: [PATCH] Update readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d9ca5d2..76b7673 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,8 @@ Works with reverse proxies (Caddy, Traefik, Nginx): 3. **401/403** → Proxy redirects to Clinch login; after login, user returns to original URL Apps that speak OIDC use the OIDC flow; apps that only need "who is it?" headers use ForwardAuth. -Forward Auth works only on the same domain as Clinch runs + +**Note:** ForwardAuth requires applications to run on the same domain as Clinch (e.g., `app.yourdomain.com` with Clinch at `auth.yourdomain.com`) for secure session cookie sharing. Take a look at Authentik if you need multi domain support. ### SMTP Integration Send emails for: