IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Canvas: Button API - Block Calls to Grafana (#76309)

Browse Source 
* Canvas: Button API - Block Calls to Grafana

* Move origin check inside of api logic

* Change grafana url source from href to origin

---------

Co-authored-by: nmarrs <nathanielmarrs@gmail.com>
This commit is contained in:
Drew Slobodnjak 2023-10-11 09:21:02 -07:00 committed by GitHub
parent 6983af3a70
commit 046e9b7672
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
public/app/plugins/panel/canvas/editor/element/utils.ts
View File

@ -9,6 +9,11 @@ import { APIEditorConfig } from './APIEditor';
export const callApi = (api: APIEditorConfig, isTest = false) => {
if (api && api.endpoint) {
// If API endpoint origin matches Grafana origin, don't call it.
if (requestMatchesGrafanaOrigin(api.endpoint)) {
appEvents.emit(AppEvents.alertError, ['Cannot call API at Grafana origin.']);
return;
}
const request = getRequest(api);
getBackendSrv()
@ -77,3 +82,9 @@ const getData = (api: APIEditorConfig) => {
return data;
};
const requestMatchesGrafanaOrigin = (requestEndpoint: string) => {
const requestURL = new URL(requestEndpoint);
const grafanaURL = new URL(window.location.origin);
return requestURL.origin === grafanaURL.origin;
};