DOC: config: fix jwt_verify() example using var()

To prevent bogus matches, var() does not default to string type anymore since 44c5ff6 ("MEDIUM: vars: make the var() sample fetch function really return type ANY). Thanks to the above fix, haproxy now returns an error if var() is used within an ACL or IF condition and the matching type is not explicitly set. However, the documentation was not updated to reflect this change. This partially fixes GH #2087 and must be backported up to 2.6.
2024-12-18 09:24:31 +00:00 · 2023-05-26 14:29:58 +02:00 · 2023-05-26 14:29:58 +02:00 · b1d94e84e8
commit b1d94e84e8
parent a475448161
1 changed files with 1 additions and 1 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -18258,7 +18258,7 @@ jwt_verify(<alg>,<key>)
     # JOSE header and use a public certificate to verify a signature
     http-request set-var(txn.bearer) http_auth_bearer
     http-request set-var(txn.jwt_alg) var(txn.bearer),jwt_header_query('$.alg')
-     http-request deny unless { var(txn.jwt_alg) "RS256" }
+     http-request deny unless { var(txn.jwt_alg) -m str "RS256" }
     http-request deny unless { var(txn.bearer),jwt_verify(txn.jwt_alg,"/path/to/crt.pem") 1 }

 language(<value>[,<default>])