From 5c9486afbc6081fcb7ac5287161e96dc2ad7300d Mon Sep 17 00:00:00 2001
From: Brian Gann <briangann@users.noreply.github.com>
Date: Mon, 23 Sep 2024 15:41:29 -0400
Subject: [PATCH] area/configuration: adds docs for actions_allow_post_url
 security option (#93629)

adds docs for actions_allow_post_url security option
---
 .../setup-grafana/configure-grafana/_index.md        | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/sources/setup-grafana/configure-grafana/_index.md b/docs/sources/setup-grafana/configure-grafana/_index.md
index 269b3dad366..505b3b141a5 100644
--- a/docs/sources/setup-grafana/configure-grafana/_index.md
+++ b/docs/sources/setup-grafana/configure-grafana/_index.md
@@ -701,6 +701,18 @@ You can enable both policies simultaneously.
 
 Set the policy template that will be used when adding the `Content-Security-Policy-Report-Only` header to your requests. `$NONCE` in the template includes a random nonce.
 
+### actions_allow_post_url
+
+Sets API paths to be accessible between plugins using the POST verb. This is a comma separated list, and uses glob matching.
+
+This will allow access to all plugins that have a backend:
+
+`actions_allow_post_url=/api/plugins/*`
+
+This will limit access to the backend of a single plugin:
+
+`actions_allow_post_url=/api/plugins/grafana-special-app`
+
 <hr />
 
 ### angular_support_enabled