From 5bccbae862cbf1ca7d02f717b076aca86b1456e5 Mon Sep 17 00:00:00 2001
From: Erik Stephens <erik@orvant.com>
Date: Sat, 18 Apr 2015 12:34:45 -0700
Subject: [PATCH] Include notes for nginx as well

---
 README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 0ff7dfa..5e0538d 100644
--- a/README.md
+++ b/README.md
@@ -65,7 +65,10 @@ Digest authentication example
 WSGI Considerations
 -------------------
 
-Make sure to set `WSGIPassAuthorization On` as [documented here](https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization) to prevent the frontend web server from consuming the authorization header.
+Make sure that the authorization headers are passed through to your application.  Otherwise, your callbacks will have empty values for the user & password.  Here are the directives needed for the following web servers.
+
+- Apache: set `WSGIPassAuthorization On` as [documented here](https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization).
+- Nginx: set `wsgi_pass_authorization on` as [documented here](http://wiki.nginx.org/NgxWSGIModule)
 
 Resources
 ---------