We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 12c6da0 commit cbc361bCopy full SHA for cbc361b
1 file changed
docs/01-jwt.md
@@ -819,6 +819,11 @@ func Example_jwt_parse_with_jku() {
819
// its own keys accepted as "the issuer's keys". This example uses
820
// srv.URL as a "known issuer" because httptest picks a random
821
// port each run.
822
+ //
823
+ // If you use a RegexpWhitelist instead of a MapWhitelist, anchor
824
+ // the pattern — e.g. `^https://issuer\.example/` — because patterns
825
+ // are NOT anchored for you, and an unanchored pattern silently
826
+ // allows look-alike hosts like issuer.example.attacker.com.
827
client := jwkfetch.NewClient(
828
// httptest serves HTTPS with a self-signed cert, so the
829
// Client needs srv.Client() to validate it.
0 commit comments