Strip out auth token from shared URL when sharing a dashboard (#79262)

Vardan Torosyan
2023-12-08 16:07:29 +01:00
committed by GitHub
parent 6ee2bd4d29
commit edc197ef1d
2 changed files with 4 additions and 0 deletions


@@ -29,6 +29,7 @@ describe('buildParams', () => {
${'var=%2B1&var=a+value+with+spaces&var=true'} | ${false} | ${'current'} | ${{ id: 3 }} | ${'var=%2B1&var=a+value+with+spaces&var=true&orgId=2&viewPanel=3'}
${'var=%2B1&var=a+value+with+spaces&var=true'} | ${false} | ${'light'} | ${undefined} | ${'var=%2B1&var=a+value+with+spaces&var=true&orgId=2&theme=light'}
${'var=%2B1&var=a+value+with+spaces&var=true'} | ${false} | ${'light'} | ${{ id: 3 }} | ${'var=%2B1&var=a+value+with+spaces&var=true&orgId=2&theme=light&viewPanel=3'}
${'auth_token=1234'} | ${true} | ${'current'} | ${undefined} | ${'from=1000&to=2000&orgId=2'}
`(
"when called with search: '$search' and useCurrentTimeRange: '$useCurrentTimeRange' and selectedTheme: '$selectedTheme' and panel: '$panel'then result should be '$expected'",
({ search, useCurrentTimeRange, selectedTheme, panel, expected }) => {
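Review bot: The added row `${'auth_token=1234'} | ${true} | ...` covers only a query string that consists solely of the token, so it cannot catch a regression where stripping also disturbs neighbouring parameters or removes only the first of several occurrences. A row that mixes the token with dashboard variables would pin both, for example (constructed, with the expected value following the pattern of the existing rows) `${'var=a&auth_token=1234&var=b&auth_token=5678'} | ${false} | ${'current'} | ${undefined} | ${'var=a&var=b&orgId=2'}`. The describe block and the test body start and end outside this hunk.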


@@ -49,6 +49,9 @@ export function buildParams({
searchParams.set('viewPanel', String(panel.id));
}
// Token is unique to the authenticated identity and should not be shared with the URL,
// so we are stripping it from the query params as a safety measure.
searchParams.delete('auth_token');
return searchParams;
}
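Review bot: The `searchParams.delete('auth_token')` call before `return searchParams;` protects only the links assembled by `buildParams`. Any other code path that copies the current query string into a shareable link is not visible in this hunk and would still carry the token, so it is worth confirming that every such path goes through this function or calls a shared stripping helper. The parameter name is a bare string literal here; if the code that consumes the token already defines a constant for it, referencing that constant would keep both sides in step on a rename. The comment would read more clearly as `// The token is bound to the authenticated identity and must never appear in a shared URL,`. The body of `buildParams` starts outside the hunk.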