Robbert Gurdeep Singh d7aa9959a4 Security: Use Header.Set and Header.Del for X-Grafana-User header (#25495) ...

This ensures that the X-Grafana-User header can be trusted.
If the configuration enabled the setting of this header, the
server can now trust that X-Grafana-User is set/unset by Grafana.
Before this, an anonymous user could simply set the X-Grafana-User
header themselves (using the developer tool for example)

(cherry picked from commit 034abaa73a)

2020-06-25 08:45:15 +02:00

1.6 KiB

Raw Blame History

View Raw