mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Sandbox: do not load grafana signed app plugins into the sandbox (#78334)
* Sandbox: do not load grafana signed app plugins into the sandbox * remove unused dependency
This commit is contained in:
parent
437ae8e8c5
commit
cfc67a9e2d
@ -68,7 +68,7 @@ export async function importPluginModule({
|
||||
}
|
||||
|
||||
// the sandboxing environment code cannot work in nodejs and requires a real browser
|
||||
if (isFrontendSandboxSupported({ isAngular, pluginId })) {
|
||||
if (await isFrontendSandboxSupported({ isAngular, pluginId })) {
|
||||
return importPluginModuleInSandbox({ pluginId });
|
||||
}
|
||||
|
||||
|
@ -1,9 +1,12 @@
|
||||
import { isNearMembraneProxy } from '@locker/near-membrane-shared';
|
||||
import React from 'react';
|
||||
|
||||
import { PluginSignatureType, PluginType } from '@grafana/data';
|
||||
import { LogContext } from '@grafana/faro-web-sdk';
|
||||
import { logWarning as logWarningRuntime, logError as logErrorRuntime, config } from '@grafana/runtime';
|
||||
|
||||
import { getPluginSettings } from '../pluginSettings';
|
||||
|
||||
import { SandboxedPluginObject } from './types';
|
||||
|
||||
const monitorOnly = Boolean(config.featureToggles.frontendSandboxMonitorOnly);
|
||||
@ -38,23 +41,47 @@ export function logError(error: Error, context?: LogContext) {
|
||||
logErrorRuntime(error, context);
|
||||
}
|
||||
|
||||
export function isFrontendSandboxSupported({
|
||||
export async function isFrontendSandboxSupported({
|
||||
isAngular,
|
||||
pluginId,
|
||||
}: {
|
||||
isAngular?: boolean;
|
||||
pluginId: string;
|
||||
}): boolean {
|
||||
}): Promise<boolean> {
|
||||
// Only if the feature is not enabled no support for sandbox
|
||||
if (!Boolean(config.featureToggles.pluginsFrontendSandbox)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// no support for angular plugins
|
||||
if (isAngular) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// To fast test and debug the sandbox in the browser.
|
||||
const sandboxQueryParam = location.search.includes('nosandbox') && config.buildInfo.env === 'development';
|
||||
const sandboxDisableQueryParam = location.search.includes('nosandbox') && config.buildInfo.env === 'development';
|
||||
if (sandboxDisableQueryParam) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// if disabled by configuration
|
||||
const isPluginExcepted = config.disableFrontendSandboxForPlugins.includes(pluginId);
|
||||
return (
|
||||
!isAngular &&
|
||||
Boolean(config.featureToggles.pluginsFrontendSandbox) &&
|
||||
process.env.NODE_ENV !== 'test' &&
|
||||
!isPluginExcepted &&
|
||||
!sandboxQueryParam
|
||||
);
|
||||
if (isPluginExcepted) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// no sandbox in test mode. it often breaks e2e tests
|
||||
if (process.env.NODE_ENV === 'test') {
|
||||
return false;
|
||||
}
|
||||
|
||||
// we don't run grafana-own apps in the sandbox
|
||||
const pluginMeta = await getPluginSettings(pluginId);
|
||||
if (pluginMeta.type === PluginType.app && pluginMeta.signatureType === PluginSignatureType.grafana) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
function isRegex(value: unknown): value is RegExp {
|
||||
|
Loading…
Reference in New Issue
Block a user