Adela Almasan f64b121ddb Canvas: Allow API calls to grafana origin (#91822) ... * allow post URL * check for config * allow relative paths * add allowed internal pattern; add checks for method * update defaults.ini * add custom header * update config comment * use globbing, switch to older middleware - deprecated call * add codeowner * update to use current api, add test * update fall through logic * Update pkg/middleware/validate_action_url.go Co-authored-by: Dan Cech <dcech@grafana.com> * Update pkg/middleware/validate_action_url.go Co-authored-by: Dan Cech <dcech@grafana.com> * add more tests * Update pkg/middleware/validate_action_url_test.go Co-authored-by: Dan Cech <dcech@grafana.com> * fix request headers * add additional tests for all verbs * fix request headers++ * throw error when method is unknown --------- Co-authored-by: Ryan McKinley <ryantxu@gmail.com> Co-authored-by: Brian Gann <bkgann@gmail.com> Co-authored-by: Brian Gann <briangann@users.noreply.github.com> Co-authored-by: Dan Cech <dcech@grafana.com>		2024-09-10 10:45:27 -04:00
..
cookies	Auth: Add feature flag to move token rotation to client (#65060)	2023-03-23 14:39:04 +01:00
csrf	CSRF middleware: Add flag to skip login cookie check (#66806)	2023-04-24 10:11:08 -03:00
loggermw	Chore: Remove sensitive information from presigned URLs prior to logging (#87035)	2024-06-24 14:53:42 +02:00
requestmeta	instrumentation: rename team to grafana_team to improve alert routing. (#75860)	2023-10-03 12:25:01 +02:00
auth_test.go	Identity: Remove typed id (#91801)	2024-08-13 10:18:28 +02:00
auth.go	RBAC: Allow plugins to use scoped actions (#90946)	2024-07-25 17:22:42 +03:00
csp.go	Feature: Trusted Types support (#64975)	2023-04-27 18:20:37 +02:00
dashboard_redirect_test.go	Chore: Remove endpoints that contain the slug field (#35104)	2021-06-03 16:20:13 +03:00
dashboard_redirect.go	Chore: Move ReqContext to contexthandler service (#62102)	2023-01-27 08:50:36 +01:00
gziper.go	Chore: Skip gzip for apiserver routes (#92245)	2024-08-21 23:47:58 +03:00
middleware_test.go	Canvas: Allow API calls to grafana origin (#91822)	2024-09-10 10:45:27 -04:00
middleware.go	Fix: Proper plugin logo loading depending on staging (#88247)	2024-05-27 10:26:30 +02:00
org_redirect_test.go	User: support setting org and help flags though update function (#86535)	2024-04-29 08:53:05 +02:00
org_redirect.go	User: support setting org and help flags though update function (#86535)	2024-04-29 08:53:05 +02:00
quota_test.go	Identity: Remove typed id (#91801)	2024-08-13 10:18:28 +02:00
quota.go	Chore: Move ReqContext to contexthandler service (#62102)	2023-01-27 08:50:36 +01:00
recovery_test.go	Frontend: Reload the browser when backend configuration/assets change (#79057)	2024-01-04 08:00:07 +01:00
recovery.go	Grafana: Replace magic number with a constant variable in response status (#80132)	2024-02-27 18:39:51 +02:00
request_metadata_test.go	instrumentation: rename team to grafana_team to improve alert routing. (#75860)	2023-10-03 12:25:01 +02:00
request_metrics.go	Metrics: Add ability to disable classic histogram for HTTP metric (#88315)	2024-06-18 15:37:44 -04:00
request_test.go	Chore: Remove repetitive words (#84132)	2024-03-11 08:55:18 -04:00
request_tracing.go	infra(tracing): Fix span naming order-of-operations bug (#90025)	2024-07-04 07:05:14 -04:00
subpath_redirect_test.go	ServeFromSubPath: Redirect to URL with subpath when subpath missing (#66724)	2023-04-24 09:55:55 +02:00
subpath_redirect.go	ServeFromSubPath: Redirect to URL with subpath when subpath missing (#66724)	2023-04-24 09:55:55 +02:00
testing.go	Chore: use any rather than interface{} (#74066)	2023-08-30 18:46:47 +03:00
validate_action_url_test.go	Canvas: Allow API calls to grafana origin (#91822)	2024-09-10 10:45:27 -04:00
validate_action_url.go	Canvas: Allow API calls to grafana origin (#91822)	2024-09-10 10:45:27 -04:00
validate_host.go	Chore: Move ReqContext to contexthandler service (#62102)	2023-01-27 08:50:36 +01:00