Proxy: Improve header handling for reverse proxy (#67279)

2025-02-25 18:55:37 -06:00 · 2023-04-27 13:30:11 +02:00
parent 2306fb38dc
commit cefeef7134
3 changed files with 37 additions and 2 deletions
--- a/pkg/util/proxyutil/reverse_proxy.go
+++ b/pkg/util/proxyutil/reverse_proxy.go
@@ -79,11 +79,30 @@ func wrapDirector(d func(*http.Request)) func(req *http.Request) {
 	}
 }

+// deletedHeaders lists a number of headers that we don't want to
+// pass-through from the upstream when using a reverse proxy.
+//
+// These are related to the connection between Grafana and the proxy
+// or instructions that would alter how a browser will interact with
+// future requests to Grafana (such as enabling Strict Transport
+// Security)
+var deletedHeaders = []string{
+	"Alt-Svc",
+	"Close",
+	"Server",
+	"Set-Cookie",
+	"Strict-Transport-Security",
+}
+
 // modifyResponse enforces certain constraints on http.Response.
 func modifyResponse(logger glog.Logger) func(resp *http.Response) error {
 	return func(resp *http.Response) error {
-		resp.Header.Del("Set-Cookie")
+		for _, header := range deletedHeaders {
+			resp.Header.Del(header)
+		}
+
 		SetProxyResponseHeaders(resp.Header)
+		SetViaHeader(resp.Header, resp.ProtoMajor, resp.ProtoMinor)
 		return nil
 	}
 }