Add check so that header is not sent for anonymous users

2025-02-25 18:55:37 -06:00 · 2019-03-14 16:28:32 +01:00
parent 6587a967eb
commit 697a87b7b2
7 changed files with 32 additions and 5 deletions
--- a/pkg/api/pluginproxy/pluginproxy_test.go
+++ b/pkg/api/pluginproxy/pluginproxy_test.go
@@ -75,6 +75,20 @@ func TestPluginProxy(t *testing.T) {
 			So(req.Header.Get("X-Grafana-User"), ShouldEqual, "")
 		})
 	})
+
+	Convey("When SendUserHeader config is enabled but user is anonymous", t, func() {
+		req := getPluginProxiedRequest(
+			&m.ReqContext{
+				SignedInUser: &m.SignedInUser{IsAnonymous: true},
+			},
+			&setting.Cfg{SendUserHeader: true},
+		)
+
+		Convey("Should not add header with username", func() {
+			// Get will return empty string even if header is not set
+			So(req.Header.Get("X-Grafana-User"), ShouldEqual, "")
+		})
+	})
 }

 // getPluginProxiedRequest is a helper for easier setup of tests based on global config and ReqContext.