live: handle origin without port set (#36834)

Alexander Emelin 2021-07-17 13:38:33 +03:00 committed by GitHub
parent 248b442ca3
commit 37caebc934
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 2 deletions


@ -402,9 +402,17 @@ func checkAllowedOrigin(origin string, appURL *url.URL, originGlobs []glob.Glob)
logger.Warn("Failed to parse request origin", "error", err, "origin", origin)
return false, err
}
if strings.EqualFold(originURL.Scheme, appURL.Scheme) && strings.EqualFold(originURL.Host, appURL.Host) {
return true, nil
// Try to match over configured [server] root_url first.
if originURL.Port() == "" {
if strings.EqualFold(originURL.Scheme, appURL.Scheme) && strings.EqualFold(originURL.Host, appURL.Hostname()) {
return true, nil
}
} else {
if strings.EqualFold(originURL.Scheme, appURL.Scheme) && strings.EqualFold(originURL.Host, appURL.Host) {
return true, nil
}
}
// If there is still no match try [live] allowed_origins patterns.
for _, pattern := range originGlobs {
if pattern.Match(origin) {
return true, nil
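Review bot: In the new `originURL.Port() == ""` branch the comparison uses `appURL.Hostname()`, so the port in root_url is never consulted: an Origin without a port, which means the scheme's default port, is accepted even when root_url is on a different port, and a different site on the same host can then pass this cross-origin check. The same branch compares `originURL.Host`, which keeps the brackets of an IPv6 literal, with `appURL.Hostname()`, which strips them, so a bracketed IPv6 origin without a port will likely never match. I would compare `Hostname()` on both sides and compare effective ports, filling in 80/443 when a port is absent, as sketched below; that also covers an origin that spells out the default port while root_url omits it. checkAllowedOrigin begins and ends outside this hunk.

```go
	// … unchanged: origin parsing and error return …
	// Try to match over configured [server] root_url first. Scheme, hostname
	// and effective port must all agree; a missing port means the scheme default.
	if strings.EqualFold(originURL.Scheme, appURL.Scheme) &&
		strings.EqualFold(originURL.Hostname(), appURL.Hostname()) &&
		effectivePort(originURL) == effectivePort(appURL) {
		return true, nil
	}
	// … unchanged: [live] allowed_origins glob loop …

// effectivePort returns the explicit port of u, or the default port of its
// scheme when none is set ("" for schemes other than http and https).
func effectivePort(u *url.URL) string {
	if p := u.Port(); p != "" {
		return p
	}
	switch strings.ToLower(u.Scheme) {
	case "http":
		return "80"
	case "https":
		return "443"
	}
	return ""
}
```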


@ -75,6 +75,12 @@ func TestCheckOrigin(t *testing.T) {
appURL: "http://localhost:3000/",
success: true,
},
{
name: "valid_origin_no_port",
origin: "https://www.example.com",
appURL: "https://www.example.com:443/grafana/",
success: true,
},
{
name: "unauthorized_origin",
origin: "http://localhost:8000",
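Review bot: The added `valid_origin_no_port` case only covers a root_url on the scheme's default port (`:443`), so the table does not pin what happens when the origin has no port and appURL uses a non-default one. A negative case such as `{name: "origin_no_port_app_custom_port", origin: "https://www.example.com", appURL: "https://www.example.com:3000/", success: false}` (constructed values) would document the intended behaviour; as the no-port branch in checkAllowedOrigin is written, this pair appears to be accepted. TestCheckOrigin continues outside the hunk.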