From 3d2f660801e341d2b9712d7e8992eac3df044a09 Mon Sep 17 00:00:00 2001
From: Tim Nyborg <tim.nyborg@gmail.com>
Date: Sat, 23 Oct 2021 15:29:34 +0100
Subject: [PATCH] clarify old urls should be removed

from comment in #90
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 1ba3b6e..c1c1237 100644
--- a/README.md
+++ b/README.md
@@ -201,7 +201,8 @@ See `WebSocketProgressRecorder` and `websockets.js` for details.
 # Securing the get_progress endpoint
 By default, anyone can see the status and result of any task by accessing `/celery-progress/<task_id>`
 
-To limit access, you need to wrap `get_progress()` in a view of your own which implements the permissions check, and _replace_ the url routing to point to your view.
+To limit access, you need to wrap `get_progress()` in a view of your own which implements the permissions check, and create a new url routing to point to your view.  Make sure to remove any existing (unprotected) celery progress urls from your root urlconf at the same time.
+
 
 For example, requiring login with a class-based view:
 ```python