Skip to content

csrf middleware: let grafana requests through

Warren Gifford requested to merge grafana_csrf_token into master

Created by: uwedeportivo

Fixes https://github.com/sourcegraph/sourcegraph/issues/6075

CSRF protection kicks in for unsafe HTTP commands like PUT and POST.

this wasn't a problem for our reverse proxy at https://github.com/sourcegraph/sourcegraph/blob/master/cmd/frontend/internal/app/debug.go before because all the instrumentation http traffic (varz, metrics etc) for gitserver and the others were pure GET requests.

now that we're running grafana behind the same scheme it does POST and PUT requests too and the csrf token is invalid.

grafana itself is csrf protected so i think it's ok to bypass the middleware for requests to grafana.

Merge request reports

Loading