IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-14 09:33:34 -06:00
Code Issues Packages Projects Releases Wiki Activity
9d53653647
grafana/pkg/api/grafana_com_proxy.go
Matt Bostock 16c5d0e4b7 Always verify TLS unless explicitly told otherwise 
TLS was not being verified in a number of places:

- connections to grafana.com

- connections to OAuth providers when TLS client authentication was
  enabled

- connections to self-hosted Grafana installations when using the CLI
  tool

TLS should always be verified unless the user explicitly enables an
option to skip verification.

Removes some instances where `InsecureSkipVerify` is explicitly set to
`false`, the default, to help avoid confusion and make it more difficult
to regress on this fix by accident.

Adds a `--insecure` flag to `grafana-cli` to skip TLS verification.

Adds a `tls_skip_verify_insecure` setting for OAuth.

Adds a `app_tls_skip_verify_insecure` setting under a new `[plugins]`
section.

I'm not super happy with the way the global setting is used by
`pkg/api/app_routes.go` but that seems to be the existing pattern used.
2017-10-06 17:09:27 +01:00

51 lines
1.1 KiB
Go
Raw Blame History

package api
import (
"net"
"net/http"
"net/http/httputil"
"net/url"
"time"
"github.com/grafana/grafana/pkg/middleware"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
)
var grafanaComProxyTransport = &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
DualStack: true,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
}
func ReverseProxyGnetReq(proxyPath string) *httputil.ReverseProxy {
url, _ := url.Parse(setting.GrafanaComUrl)
director := func(req *http.Request) {
req.URL.Scheme = url.Scheme
req.URL.Host = url.Host
req.Host = url.Host
req.URL.Path = util.JoinUrlFragments(url.Path+"/api", proxyPath)
// clear cookie headers
req.Header.Del("Cookie")
req.Header.Del("Set-Cookie")
req.Header.Del("Authorization")
}
return &httputil.ReverseProxy{Director: director}
}
func ProxyGnetRequest(c *middleware.Context) {
proxyPath := c.Params("*")
proxy := ReverseProxyGnetReq(proxyPath)
proxy.Transport = grafanaComProxyTransport
proxy.ServeHTTP(c.Resp, c.Req.Request)
c.Resp.Header().Del("Set-Cookie")
}
Reference in New Issue View Git Blame Copy Permalink