DOC: config: fix jwt_verify() example using var()

To prevent bogus matches, var() does not default to string type anymore
since 44c5ff6 ("MEDIUM: vars: make the var() sample fetch function really
return type ANY).

Thanks to the above fix, haproxy now returns an error if var() is used
within an ACL or IF condition and the matching type is not explicitly
set.

However, the documentation was not updated to reflect this change.

This partially fixes GH #2087 and must be backported up to 2.6.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index b147b501cfbc42f5ce12bd1709f55d924264f8ab..0a5e300731fe19619ee28a0fc377bd7fc4ecedfc 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -18258,7 +18258,7 @@ jwt_verify(<alg>,<key>)
      # JOSE header and use a public certificate to verify a signature
      http-request set-var(txn.bearer) http_auth_bearer
      http-request set-var(txn.jwt_alg) var(txn.bearer),jwt_header_query('$.alg')
-     http-request deny unless { var(txn.jwt_alg) "RS256" }
+     http-request deny unless { var(txn.jwt_alg) -m str "RS256" }
      http-request deny unless { var(txn.bearer),jwt_verify(txn.jwt_alg,"/path/to/crt.pem") 1 }
 
 language(<value>[,<default>])