From 37caebc9348cf0074f9531ccf86ac9992039639f Mon Sep 17 00:00:00 2001
From: Alexander Emelin
Date: Sat, 17 Jul 2021 13:38:33 +0300
Subject: [PATCH] live: handle origin without port set (#36834)
---
 pkg/services/live/live.go | 12 ++++++++++--
 pkg/services/live/live_test.go | 6 ++++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/pkg/services/live/live.go b/pkg/services/live/live.go
index 7b3ab5504f8..41297552fa5 100644
--- a/pkg/services/live/live.go
+++ b/pkg/services/live/live.go
@@ -402,9 +402,17 @@ func checkAllowedOrigin(origin string, appURL *url.URL, originGlobs []glob.Glob)
 logger.Warn("Failed to parse request origin", "error", err, "origin", origin)
 return false, err
 }
- if strings.EqualFold(originURL.Scheme, appURL.Scheme) && strings.EqualFold(originURL.Host, appURL.Host) {
- return true, nil
+ // Try to match over configured [server] root_url first.
+ if originURL.Port() == "" {
+ if strings.EqualFold(originURL.Scheme, appURL.Scheme) && strings.EqualFold(originURL.Host, appURL.Hostname()) {
+ return true, nil
+ }
+ } else {
+ if strings.EqualFold(originURL.Scheme, appURL.Scheme) && strings.EqualFold(originURL.Host, appURL.Host) {
+ return true, nil
+ }
 }
+ // If there is still no match try [live] allowed_origins patterns.
 for _, pattern := range originGlobs {
 if pattern.Match(origin) {
 return true, nil
diff --git a/pkg/services/live/live_test.go b/pkg/services/live/live_test.go
index 44db4556ddc..a1850d58f11 100644
--- a/pkg/services/live/live_test.go
+++ b/pkg/services/live/live_test.go
@@ -75,6 +75,12 @@ func TestCheckOrigin(t *testing.T) {
 appURL: "http://localhost:3000/",
 success: true,
 },
+ {
+ name: "valid_origin_no_port",
+ origin: "https://www.example.com",
+ appURL: "https://www.example.com:443/grafana/",
+ success: true,
+ },
 {
 name: "unauthorized_origin",
 origin: "http://localhost:8000",
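Review bot: In `checkAllowedOrigin`, the new `originURL.Port() == ""` branch compares against `appURL.Hostname()` and so ignores whatever port root_url carries: an origin of `http://localhost` would be accepted for a root_url of `http://localhost:3000/`, although a browser treats those as different origins. Dropping the port is only safe when the configured port is the scheme's default (80 for http, 443 for https), so the comparison should normalise both sides to an effective port rather than discard one. The same branch compares `originURL.Host` with `appURL.Hostname()`, which strips the brackets of an IPv6 literal, so a port-less `http://[::1]` origin can no longer match; using `Hostname()` on both sides avoids that. The function's body begins and ends outside this hunk.

```go
// Try to match over configured [server] root_url first.
if strings.EqualFold(originURL.Scheme, appURL.Scheme) &&
	strings.EqualFold(originURL.Hostname(), appURL.Hostname()) &&
	effectivePort(originURL) == effectivePort(appURL) {
	return true, nil
}
// … unchanged: [live] allowed_origins glob matching …

// effectivePort returns the explicit port of u, or the default port of
// its scheme when none is set ("" for schemes without a known default).
func effectivePort(u *url.URL) string {
	if p := u.Port(); p != "" {
		return p
	}
	switch strings.ToLower(u.Scheme) {
	case "http":
		return "80"
	case "https":
		return "443"
	}
	return ""
}
```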
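Review bot: The added `valid_origin_no_port` case pins only the accepting path; nothing visible in the table asserts that a port-less origin is rejected when root_url names a non-default port. A companion entry with `origin: "http://localhost"`, `appURL: "http://localhost:3000/"` and `success: false` would lock in that boundary of the origin check. A second entry with a port-less IPv6 literal, `origin: "http://[::1]"` against `appURL: "http://[::1]/"` and `success: true`, would cover bracket handling in the host comparison. The table in `TestCheckOrigin` starts and ends outside this hunk, so equivalent cases may already exist there.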