Skip to content

Harden grafana against extraneous auth headers

Warren Gifford requested to merge github/fork/markjm/mmolinaro/harden-grafana into main

Created by: markjm

grafana will fail with {"message":"invalid API key"} if an authorization header is set. Ideally, such a header would not be set, but it may be in the case of specific proxies sitting in front of SG. In our case, we stripped the authorization header to get around this issue, but that causes issues when using token auth (like with vscode extension)

Test plan

  1. Set authentication header to some dummy value (I use a chrome extension for modifying headers)
  2. go to https://sourcegraph.test:3443/-/debug/grafana/ and note the {"message":"invalid API key"}
  3. Make the change present in this PR
  4. go to https://sourcegraph.test:3443/-/debug/grafana/ and note the grafana loads correctly

Merge request reports

Loading