Add check so that header is not sent for anonymous users

2025-02-25 18:55:37 -06:00 · 2019-03-14 16:28:32 +01:00 · 2019-03-14 16:28:32 +01:00 · 697a87b7b2
commit 697a87b7b2
parent 6587a967eb
7 changed files with 32 additions and 5 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@ -157,7 +157,7 @@ logging = false
 # How long the data proxy should wait before timing out default is 30 (seconds)
 timeout = 30
-# If enabled data proxy will add X-Grafana-User header with username into the request, default is false.
+# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
 send_user_header = false
 #################################### Analytics ###########################
--- a/conf/sample.ini
+++ b/conf/sample.ini
@ -144,7 +144,7 @@ log_queries =
 # How long the data proxy should wait before timing out default is 30 (seconds)
 ;timeout = 30
-# If enabled data proxy will add X-Grafana-User header with username into the request, default is false.
+# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
 ;send_user_header = false
 #################################### Analytics ####################################
--- a/docs/sources/installation/configuration.md
+++ b/docs/sources/installation/configuration.md
@ -423,7 +423,7 @@ How long the data proxy should wait before timing out default is 30 (seconds)
 ### send_user_header
-If enabled data proxy will add X-Grafana-User header with username into the request, default is false.
+If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
 <hr />
--- a/pkg/api/pluginproxy/ds_proxy.go
+++ b/pkg/api/pluginproxy/ds_proxy.go
@ -172,7 +172,7 @@ func (proxy *DataSourceProxy) getDirector() func(req *http.Request) {
 			req.Header.Add("Authorization", dsAuth)
 		}
-		if proxy.cfg.SendUserHeader {
+		if proxy.cfg.SendUserHeader && !proxy.ctx.SignedInUser.IsAnonymous {
 			req.Header.Add("X-Grafana-User", proxy.ctx.SignedInUser.Login)
 		}
--- a/pkg/api/pluginproxy/ds_proxy_test.go
+++ b/pkg/api/pluginproxy/ds_proxy_test.go
@ -417,6 +417,19 @@ func TestDSRouteRule(t *testing.T) {
 				So(req.Header.Get("X-Grafana-User"), ShouldEqual, "")
 			})
 		})
 		Convey("When SendUserHeader config is enabled but user is anonymous", func() {
 			req := getDatasourceProxiedRequest(
 				&m.ReqContext{
 					SignedInUser: &m.SignedInUser{IsAnonymous: true},
 				},
 				&setting.Cfg{SendUserHeader: true},
 			)
 			Convey("Should not add header with username", func() {
 				// Get will return empty string even if header is not set
 				So(req.Header.Get("X-Grafana-User"), ShouldEqual, "")
 			})
 		})
 	})
 }
--- a/pkg/api/pluginproxy/pluginproxy.go
+++ b/pkg/api/pluginproxy/pluginproxy.go
@ -80,7 +80,7 @@ func NewApiPluginProxy(ctx *m.ReqContext, proxyPath string, route *plugins.AppPl
 		req.Header.Add("X-Grafana-Context", string(ctxJson))
-		if cfg.SendUserHeader {
+		if cfg.SendUserHeader && !ctx.SignedInUser.IsAnonymous {
 			req.Header.Add("X-Grafana-User", ctx.SignedInUser.Login)
 		}
--- a/pkg/api/pluginproxy/pluginproxy_test.go
+++ b/pkg/api/pluginproxy/pluginproxy_test.go
@ -75,6 +75,20 @@ func TestPluginProxy(t *testing.T) {
 			So(req.Header.Get("X-Grafana-User"), ShouldEqual, "")
 		})
 	})
 	Convey("When SendUserHeader config is enabled but user is anonymous", t, func() {
 		req := getPluginProxiedRequest(
 			&m.ReqContext{
 				SignedInUser: &m.SignedInUser{IsAnonymous: true},
 			},
 			&setting.Cfg{SendUserHeader: true},
 		)
 		Convey("Should not add header with username", func() {
 			// Get will return empty string even if header is not set
 			So(req.Header.Get("X-Grafana-User"), ShouldEqual, "")
 		})
 	})
 }
 // getPluginProxiedRequest is a helper for easier setup of tests based on global config and ReqContext.