Update docs and usage in tests

README.md

@@ -83,8 +83,8 @@ services.AddOptions<ClientCredentialsOptions>("MyClient").Bind(configuration.Get
 services.AddHttpClient<MyClient>().AddClientCredentialsHandler( /* [...] */);
 ```
 
-Note on `EnforceHttps`.
-It is possible to allow http authenticated requests, however, this should be limited to exceptional scenarios.
+Note on `EnforceHttps`, which is disabled by default.
+It is possible to allow http authenticated requests, however, this should be limited to specific scenarios, such as intra-cluster communication.
 It is strongly advised that you always use https for authenticated requests transmitted as the token sent will be in clear.
 
 Then, instantiate the `HttpClient` later on using `IHttpClientFactory` or directly inject it in the constructor if you used the generic registration:

src/Workleap.Authentication.ClientCredentialsGrant.Tests/ClientCredentialsTokenHttpMessageHandlerTests.cs

@@ -54,7 +54,6 @@ public async Task Throws_ClientCredentialsException_When_Http_By_Default()
     [Fact]
     public async Task SendAsync_When_EnforceHttps_False_For_Http_Requests()
     {
-        this._options.EnforceHttps = false;
         this._mockPrimaryHttpMessageHandler.ExpectedHttpResponseMessages = new[]
         {
             new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent("Access granted on first try") },