From 22225c5bd08bc7bb1aae996fc980c31c9570a008 Mon Sep 17 00:00:00 2001
From: Nihal Gonsalves <nihal@nihalgonsalves.com>
Date: Sat, 21 Mar 2026 21:20:15 +0100
Subject: [PATCH] Update web app FAQ to include `require-login`

---
 docs/faq.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/faq.md b/docs/faq.md
index 5153c700..1e8985b7 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -71,7 +71,8 @@ The web app is a static website without a backend (other than the ntfy API). All
 cache and local storage. That means it does not need to be protected with a login screen, and it poses no additional 
 security risk. So technically, it does not need to be disabled.
 
-However, if you still want to disable it, you can do so with the `web-root: disable` option in the `server.yml` file. 
+However, if you still want, you can require login with the `require-login: true` option,
+or disable it with the `web-root: disable` option in the `server.yml` file. 
 
 Think of the ntfy web app like an Android/iOS app. It is freely available and accessible to anyone, yet useless without
 a proper backend. So as long as you secure your backend with ACLs, exposing the ntfy web app to the Internet is harmless.