opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-31 05:12:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Middleware: Add CSP support (#29740)

Browse Source 
* Middleware: Add support for CSP

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored by @iOrcohen
This commit is contained in:
Arve Knudsen
2021-01-12 07:42:32 +01:00
committed by GitHub
parent 4ed901e1f9
commit 50b649a869
19 changed files with 449 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/middleware/middleware.go
View File

@ -20,16 +20,20 @@ var (
ReqOrgAdmin = RoleAuth(models.ROLE_ADMIN)
)
func HandleNoCacheHeader(ctx *models.ReqContext) {
ctx.SkipCache = ctx.Req.Header.Get("X-Grafana-NoCache") == "true"
}
func AddDefaultResponseHeaders(cfg *setting.Cfg) macaron.Handler {
return func(ctx *macaron.Context) {
ctx.Resp.Before(func(w macaron.ResponseWriter) {
return func(c *macaron.Context) {
c.Resp.Before(func(w macaron.ResponseWriter) {
// if response has already been written, skip.
if w.Written() {
return
}
if !strings.HasPrefix(ctx.Req.URL.Path, "/api/datasources/proxy/") {
addNoCacheHeaders(ctx.Resp)
if !strings.HasPrefix(c.Req.URL.Path, "/api/datasources/proxy/") {
addNoCacheHeaders(c.Resp)
}
if !cfg.AllowEmbedding {