IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

remove X-Forwarded-* headers added by nginx when proxying data source & plugin requests (#8418)

Browse Source 
* remove X-Forwarded-* headers added by nginx when proxying data source & plugin requests

* properly handle X-Forwarded-For
This commit is contained in:
Dan Cech 2017-05-24 04:39:40 -07:00 committed by Torkel Ödegaard
parent 2d29d7b3d6
commit 007c08f2a8
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/api/dataproxy.go
View File

@ -3,6 +3,7 @@ package api
import ( import (
"bytes" "bytes"
"io/ioutil" "io/ioutil"
"net"
"net/http" "net/http"
"net/http/httputil" "net/http/httputil"
"net/url" "net/url"
@ -62,6 +63,27 @@ func NewReverseProxy(ds *m.DataSource, proxyPath string, targetUrl *url.URL) *ht
// clear cookie headers // clear cookie headers
req.Header.Del("Cookie") req.Header.Del("Cookie")
req.Header.Del("Set-Cookie") req.Header.Del("Set-Cookie")
// clear X-Forwarded Host/Port/Proto headers
req.Header.Del("X-Forwarded-Host")
req.Header.Del("X-Forwarded-Port")
req.Header.Del("X-Forwarded-Proto")
// set X-Forwarded-For header
if req.RemoteAddr != "" {
remoteAddr, _, err := net.SplitHostPort(req.RemoteAddr)
if err != nil {
remoteAddr = req.RemoteAddr
}
if req.Header.Get("X-Forwarded-For") != "" {
req.Header.Set("X-Forwarded-For", req.Header.Get("X-Forwarded-For")+", "+remoteAddr)
} else {
req.Header.Set("X-Forwarded-For", remoteAddr)
}
}
// reqBytes, _ := httputil.DumpRequestOut(req, true);
// log.Trace("Proxying datasource request: %s", string(reqBytes))
} }
return &httputil.ReverseProxy{Director: director, FlushInterval: time.Millisecond * 200} return &httputil.ReverseProxy{Director: director, FlushInterval: time.Millisecond * 200}

21
pkg/api/pluginproxy/pluginproxy.go
View File

@ -5,6 +5,7 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"net"
"net/http" "net/http"
"net/http/httputil" "net/http/httputil"
"net/url" "net/url"
@ -71,6 +72,24 @@ func NewApiPluginProxy(ctx *middleware.Context, proxyPath string, route *plugins
req.Header.Del("Cookie") req.Header.Del("Cookie")
req.Header.Del("Set-Cookie") req.Header.Del("Set-Cookie")
// clear X-Forwarded Host/Port/Proto headers
req.Header.Del("X-Forwarded-Host")
req.Header.Del("X-Forwarded-Port")
req.Header.Del("X-Forwarded-Proto")
// set X-Forwarded-For header
if req.RemoteAddr != "" {
remoteAddr, _, err := net.SplitHostPort(req.RemoteAddr)
if err != nil {
remoteAddr = req.RemoteAddr
}
if req.Header.Get("X-Forwarded-For") != "" {
req.Header.Set("X-Forwarded-For", req.Header.Get("X-Forwarded-For")+", "+remoteAddr)
} else {
req.Header.Set("X-Forwarded-For", remoteAddr)
}
}
// Create a HTTP header with the context in it. // Create a HTTP header with the context in it.
ctxJson, err := json.Marshal(ctx.SignedInUser) ctxJson, err := json.Marshal(ctx.SignedInUser)
if err != nil { if err != nil {
@ -93,6 +112,8 @@ func NewApiPluginProxy(ctx *middleware.Context, proxyPath string, route *plugins
} }
} }
// reqBytes, _ := httputil.DumpRequestOut(req, true);
// log.Trace("Proxying plugin request: %s", string(reqBytes))
} }
return &httputil.ReverseProxy{Director: director} return &httputil.ReverseProxy{Director: director}