From: Aurelien DARRAGON Date: Fri, 26 May 2023 12:29:58 +0000 (+0200) Subject: DOC: config: fix jwt_verify() example using var() X-Git-Tag: v2.9-dev1~68 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b1d94e84e8b90240883a60066c393c1991669701;p=thirdparty%2Fhaproxy.git DOC: config: fix jwt_verify() example using var() To prevent bogus matches, var() does not default to string type anymore since 44c5ff6 ("MEDIUM: vars: make the var() sample fetch function really return type ANY). Thanks to the above fix, haproxy now returns an error if var() is used within an ACL or IF condition and the matching type is not explicitly set. However, the documentation was not updated to reflect this change. This partially fixes GH #2087 and must be backported up to 2.6. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index b147b501cf..0a5e300731 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -18258,7 +18258,7 @@ jwt_verify(,) # JOSE header and use a public certificate to verify a signature http-request set-var(txn.bearer) http_auth_bearer http-request set-var(txn.jwt_alg) var(txn.bearer),jwt_header_query('$.alg') - http-request deny unless { var(txn.jwt_alg) "RS256" } + http-request deny unless { var(txn.jwt_alg) -m str "RS256" } http-request deny unless { var(txn.bearer),jwt_verify(txn.jwt_alg,"/path/to/crt.pem") 1 } language([,])