Security: Use Header.Set and Header.Del for X-Grafana-User header (#25495)
This ensures that the X-Grafana-User header can be trusted. If the configuration enabled the setting of this header, the server can now trust that X-Grafana-User is set/unset by Grafana. Before this, an anonymous user could simply set the X-Grafana-User header themselves (using the developer tool for example)
Showing
Please
register
or
sign in
to comment