From b1d94e84e8b90240883a60066c393c1991669701 Mon Sep 17 00:00:00 2001 From: Aurelien DARRAGON Date: Fri, 26 May 2023 14:29:58 +0200 Subject: [PATCH] DOC: config: fix jwt_verify() example using var() To prevent bogus matches, var() does not default to string type anymore since 44c5ff6 ("MEDIUM: vars: make the var() sample fetch function really return type ANY). Thanks to the above fix, haproxy now returns an error if var() is used within an ACL or IF condition and the matching type is not explicitly set. However, the documentation was not updated to reflect this change. This partially fixes GH #2087 and must be backported up to 2.6. --- doc/configuration.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index b147b501c..0a5e30073 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -18258,7 +18258,7 @@ jwt_verify(,) # JOSE header and use a public certificate to verify a signature http-request set-var(txn.bearer) http_auth_bearer http-request set-var(txn.jwt_alg) var(txn.bearer),jwt_header_query('$.alg') - http-request deny unless { var(txn.jwt_alg) "RS256" } + http-request deny unless { var(txn.jwt_alg) -m str "RS256" } http-request deny unless { var(txn.bearer),jwt_verify(txn.jwt_alg,"/path/to/crt.pem") 1 } language([,])