mirror of
https://github.com/grafana/grafana.git
synced 2025-02-14 17:43:35 -06:00
6f8fcae01b
* Plugins: Remove support for V1 manifests
* Plugins: Make proxy endpoints not leak sensitive HTTP headers
* Security: Fix do not forward login cookie in outgoing requests
(cherry picked from commit 4539c33fce)
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
25 lines
922 B
Go
25 lines
922 B
Go
package httpclientprovider
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
|
|
"github.com/grafana/grafana/pkg/util/proxyutil"
|
|
)
|
|
|
|
const ForwardedCookiesMiddlewareName = "forwarded-cookies"
|
|
|
|
// ForwardedCookiesMiddleware middleware that sets Cookie header on the
|
|
// outgoing request, if forwarded cookies configured/provided.
|
|
func ForwardedCookiesMiddleware(forwardedCookies []*http.Cookie, allowedCookies []string, disallowedCookies []string) httpclient.Middleware {
|
|
return httpclient.NamedMiddlewareFunc(ForwardedCookiesMiddlewareName, func(opts httpclient.Options, next http.RoundTripper) http.RoundTripper {
|
|
return httpclient.RoundTripperFunc(func(req *http.Request) (*http.Response, error) {
|
|
for _, cookie := range forwardedCookies {
|
|
req.AddCookie(cookie)
|
|
}
|
|
proxyutil.ClearCookieHeader(req, allowedCookies, disallowedCookies)
|
|
return next.RoundTrip(req)
|
|
})
|
|
})
|
|
}
|