ds_proxy.go
10.8 KB
-
DataProxy: Restore Set-Cookie header after proxy request (#16838) · e210725d
If Grafana rotates the user's auth token during a request to the data source proxy it will set the Set-Cookie header with new auth token in response before proxying the request to the datasource. Before this fix the Set-Cookie response header was cleared after the proxied request was finished to make sure that proxied datasources cannot affect cookies in users browsers. This had the consequence of accidentally also clearing the new auth token set in Set-Cookie header. With this fix the original Set-Cookie value in response header is now restored after the proxied datasource request is finished. The existing logic of clearing Set-Cookie response header from proxied request have been left intact. Fixes #16757
Marcus Efraimsson committed