The server assumes all editable content is stored in the content directory relative to the root of the site's git repository i.e. current working directory. The URL to edit a particular page is prefixed with /edit and does not contain the file extension. So to edit the file content/foo/bar.md one would browse to the URL /edit/foo/bar.
The server expects a trusted reverse proxy (like oauth2-proxy) to set X-Forwarded-Email. Requests that do not set an email address will be denied. All authentication can be disabled by setting --allow-anonymous.