Harden grafana against extraneous auth headers (!37892) · Merge requests · Administrator / sourcegraph

Administrator requested to merge github/fork/markjm/mmolinaro/harden-grafana into main Jun 28, 2022

Created by: markjm

grafana will fail with {"message":"invalid API key"} if an authorization header is set. Ideally, such a header would not be set, but it may be in the case of specific proxies sitting in front of SG. In our case, we stripped the authorization header to get around this issue, but that causes issues when using token auth (like with vscode extension)

Test plan

Set authentication header to some dummy value (I use a chrome extension for modifying headers)
go to https://sourcegraph.test:3443/-/debug/grafana/ and note the {"message":"invalid API key"}
Make the change present in this PR
go to https://sourcegraph.test:3443/-/debug/grafana/ and note the grafana loads correctly

Harden grafana against extraneous auth headers

Test plan

Merge request reports