From 65aaaa39f24545837a1c1241c76009bda159f290 Mon Sep 17 00:00:00 2001 From: Nick Sweeting Date: Wed, 8 May 2024 20:36:06 -0700 Subject: [PATCH] Updated Setting up Authentication (markdown) --- Setting-up-Authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Setting-up-Authentication.md b/Setting-up-Authentication.md index 2bec9c1..960c606 100644 --- a/Setting-up-Authentication.md +++ b/Setting-up-Authentication.md @@ -203,7 +203,7 @@ curl -X 'GET' \ > [!CAUTION] > We recommend sticking to header-based authentication and not using this method unless you deeply understand the CSRF/CORS security risks. -> This method is mostly useful when testing the API from browser devtools or external apps where CSRF/CORS is not a concern (e.g. `wget`, `curl`). +> This method is mostly useful when testing the API from external apps where CSRF/CORS is not a concern (e.g. `wget`, `curl`), or browser devtools during testing. > Browsers enforce that requests made to the ArchiveBox API from *other domains* will not include any session cookies by default. This is is an [important security principle](https://docs.djangoproject.com/en/5.0/ref/csrf/) that protects you from API requests being initiated from JS served to users on websites you don't control (aka CSRF/CORS attacks). >
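Review bot: the reworded `+` line still leaves "browser devtools during testing" unqualified, but requests issued from devtools carry the session cookies of whichever origin the open tab belongs to, so they are only free of the CSRF/CORS concern the CAUTION block is warning about when devtools are opened on the ArchiveBox UI itself; suggest "…or browser devtools opened on the ArchiveBox UI itself during testing." Two smaller points in the unchanged context line that follows, worth fixing in the same edit since the paragraph is already being touched: "This is is an" has a doubled word, and "CSRF/CORS attacks" conflates CORS, which is the browser policy that mitigates the problem, with the attack itself; "CSRF attacks" reads more accurately and matches the linked Django CSRF reference.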