cruftex opened a new issue, #12189:
URL: https://github.com/apache/apisix/issues/12189

   ### Current Behavior
   
   If a plugin is missing, the section simply is ignored.
   
   
   ### Expected Behavior
   
   Apisix should refuse operation for that specific route, since the configuration is not intact.
   
   This is a possible security pitfall. In the example below, Apisix simply passed through traffic without user authentication.
   
   ### Error Logs
   
   _No response_
   
   ### Steps to Reproduce
   
   apisix docker image version 3.12.0-debian standalone mode (configuration via yaml file)
   
   route like:
   
   ````
   routes:
     - id: 1
       hosts:
         - my.domain.net
       uri: /*
       plugins:
         openid-connect:
           client_id: ...
           client_secret: ....
           discovery: ....
           scope: openid email
           bearer_only: false
           realm: ....
       upstream:
         type: roundrobin
         nodes:
           "httpbin.org": 1
   ````
   
   
   ### Environment
   
   - APISIX version (run `apisix version`): 3.12.0-debian
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
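
An added example, not part of the issue or of APISIX's own code: a pre-deployment check that fails closed when a route in the standalone configuration references a plugin outside the set the gateway has enabled, which is the condition the report describes. It takes the dict that parsing the YAML file would yield; the function names, the `AUTH_PLUGINS` set, the enabled-plugin set and the sample data are assumptions constructed for illustration.

```python
"""Fail-closed check: flag config objects whose plugins are not enabled."""
import sys

# Assumption: plugin names treated as authentication-critical in this sketch.
AUTH_PLUGINS = {"openid-connect", "key-auth", "jwt-auth", "basic-auth", "hmac-auth"}
SECTIONS = ("routes", "services", "plugin_configs", "global_rules", "consumers")

def find_missing_plugins(config, enabled):
    """Return one finding per plugin that is referenced but not in `enabled`."""
    findings = []
    for section in SECTIONS:
        for obj in config.get(section) or []:
            obj_id = obj.get("id", obj.get("username", "?"))
            for name in sorted(obj.get("plugins") or {}):
                if name not in enabled:
                    findings.append({"section": section, "id": obj_id,
                                     "plugin": name, "auth": name in AUTH_PLUGINS})
    return findings

def routes_to_block(config, enabled):
    """Ids of routes that would run with part of their plugin chain ignored."""
    return sorted({f["id"] for f in find_missing_plugins(config, enabled)
                   if f["section"] == "routes"}, key=str)

# Constructed sample: route 1 mirrors the route in the issue, route 2 is a control.
SAMPLE_CONFIG = {
    "routes": [
        {"id": 1, "hosts": ["my.domain.net"], "uri": "/*",
         "plugins": {"openid-connect": {"scope": "openid email", "bearer_only": False}},
         "upstream": {"type": "roundrobin", "nodes": {"httpbin.org": 1}}},
        {"id": 2, "uri": "/status",
         "plugins": {"limit-count": {"count": 10, "time_window": 60}}},
    ]
}
# Constructed enabled set in which openid-connect is absent.
SAMPLE_ENABLED = {"limit-count", "proxy-rewrite"}

if __name__ == "__main__":
    found = find_missing_plugins(SAMPLE_CONFIG, SAMPLE_ENABLED)
    for f in found:
        kind = "AUTH plugin" if f["auth"] else "plugin"
        print(f"{f['section']} {f['id']}: {kind} '{f['plugin']}' is not enabled")
    # Non-zero exit lets a CI step or container entrypoint refuse the config.
    sys.exit(1 if found else 0)
```
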
