authentication: use hidden form instead of referer

[ps-cgit] / cgitrc.5.txt

diff --git a/cgitrc.5.txt b/cgitrc.5.txt
index c45dbd3681de8f7a258d8f84669d1bc08ca7d6d5..682d8bb46f2202b3df3b469350cdf76974f4ae3b 100644 (file)
--- a/cgitrc.5.txt
+++ b/cgitrc.5.txt
@@ -662,7 +662,8 @@ auth filter::
        the http cookie and return a 0 if it is invalid or 1 if it is invalid,
        in the exit code / close function. If the filter action is
        "authenticate-post", this filter receives POST'd parameters on
-       standard input, and should write to output one or more "Set-Cookie"
+       standard input, and should write a complete CGI request, preferably
+       with a 302 redirect, and write to output one or more "Set-Cookie"
        HTTP headers, each followed by a newline.
 
        Please see `filters/simple-authentication.lua` for a clear example