Commit 46ebe245 by Torkel Ödegaard Committed by GitHub

Merge pull request #13999 from roidelapluie/originreferer

Remove Origin and Referer while proxying requests
parents 057696a0 62417ca6
...@@ -195,6 +195,10 @@ func (proxy *DataSourceProxy) getDirector() func(req *http.Request) { ...@@ -195,6 +195,10 @@ func (proxy *DataSourceProxy) getDirector() func(req *http.Request) {
req.Header.Del("X-Forwarded-Proto") req.Header.Del("X-Forwarded-Proto")
req.Header.Set("User-Agent", fmt.Sprintf("Grafana/%s", setting.BuildVersion)) req.Header.Set("User-Agent", fmt.Sprintf("Grafana/%s", setting.BuildVersion))
// Clear Origin and Referer to avoir CORS issues
req.Header.Del("Origin")
req.Header.Del("Referer")
// set X-Forwarded-For header // set X-Forwarded-For header
if req.RemoteAddr != "" { if req.RemoteAddr != "" {
remoteAddr, _, err := net.SplitHostPort(req.RemoteAddr) remoteAddr, _, err := net.SplitHostPort(req.RemoteAddr)
......
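Review bot: The comment on the added `req.Header.Del("Origin")` / `req.Header.Del("Referer")` lines in getDirector has a typo ("avoir") and gives only the CORS reason, although the change also has a security-relevant effect. With both headers removed, the data source no longer sees the browser's origin or the Grafana page URL. Any origin-based request check therefore has to be enforced by Grafana before the director runs, not by the upstream. I would reword the comment to `// Drop Origin and Referer: avoids upstream CORS rejections and keeps the Grafana page URL from reaching the data source.` The director's body starts and ends outside this hunk, so the handling of other browser-supplied headers cannot be judged from here.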
...@@ -371,13 +371,22 @@ func TestDSRouteRule(t *testing.T) { ...@@ -371,13 +371,22 @@ func TestDSRouteRule(t *testing.T) {
ctx := &m.ReqContext{} ctx := &m.ReqContext{}
proxy := NewDataSourceProxy(ds, plugin, ctx, "/path/to/folder/") proxy := NewDataSourceProxy(ds, plugin, ctx, "/path/to/folder/")
req, err := http.NewRequest(http.MethodGet, "http://grafana.com/sub", nil) req, err := http.NewRequest(http.MethodGet, "http://grafana.com/sub", nil)
req.Header.Add("Origin", "grafana.com")
req.Header.Add("Referer", "grafana.com")
req.Header.Add("X-Canary", "stillthere")
So(err, ShouldBeNil) So(err, ShouldBeNil)
proxy.getDirector()(req) proxy.getDirector()(req)
Convey("Shoudl keep user request (including trailing slash)", func() { Convey("Should keep user request (including trailing slash)", func() {
So(req.URL.String(), ShouldEqual, "http://host/root/path/to/folder/") So(req.URL.String(), ShouldEqual, "http://host/root/path/to/folder/")
}) })
Convey("Origin and Referer headers should be dropped", func() {
So(req.Header.Get("Origin"), ShouldEqual, "")
So(req.Header.Get("Referer"), ShouldEqual, "")
So(req.Header.Get("X-Canary"), ShouldEqual, "stillthere")
})
}) })
}) })
} }
......
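Review bot: In TestDSRouteRule the three added `req.Header.Add` calls run before `So(err, ShouldBeNil)`, so a failing `http.NewRequest` would show up as a nil-pointer panic on `req` instead of a failed assertion. Moving `So(err, ShouldBeNil)` to directly after the `http.NewRequest` line keeps the failure readable. The `X-Canary` assertion is worth keeping, since it shows the director removes only the two named headers. The enclosing test function starts and ends outside this hunk.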