DataProxy: Restore Set-Cookie header after proxy request (#16838)
If Grafana rotates the user's auth token during a request to the data source proxy it will set the Set-Cookie header with new auth token in response before proxying the request to the datasource. Before this fix the Set-Cookie response header was cleared after the proxied request was finished to make sure that proxied datasources cannot affect cookies in users browsers. This had the consequence of accidentally also clearing the new auth token set in Set-Cookie header. With this fix the original Set-Cookie value in response header is now restored after the proxied datasource request is finished. The existing logic of clearing Set-Cookie response header from proxied request have been left intact. Fixes #16757
This commit is contained in:
Marcus Efraimsson
committed by
GitHub
GitHub
parent
e5971eef1f
commit
e210725d3d
@@ -101,8 +101,14 @@ func (proxy *DataSourceProxy) HandleRequest() {
|
||||
opentracing.HTTPHeaders,
|
||||
opentracing.HTTPHeadersCarrier(proxy.ctx.Req.Request.Header))
|
||||
|
||||
originalSetCookie := proxy.ctx.Resp.Header().Get("Set-Cookie")
|
||||
|
||||
reverseProxy.ServeHTTP(proxy.ctx.Resp, proxy.ctx.Req.Request)
|
||||
proxy.ctx.Resp.Header().Del("Set-Cookie")
|
||||
|
||||
if originalSetCookie != "" {
|
||||
proxy.ctx.Resp.Header().Set("Set-Cookie", originalSetCookie)
|
||||
}
|
||||
}
|
||||
|
||||
func (proxy *DataSourceProxy) addTraceFromHeaderValue(span opentracing.Span, headerName string, tagName string) {
|
||||
|
||||
Reference in New Issue
Block a user