opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-08-02 12:02:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

[main] Plugin fixes (#57399)

Browse Source 
* Plugins: Remove support for V1 manifests

* Plugins: Make proxy endpoints not leak sensitive HTTP headers

* Security: Fix do not forward login cookie in outgoing requests

(cherry picked from commit 4539c33fce5ef23badb08ebcbc09cb0cecb1f539)

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
This commit is contained in:
Marcus Efraimsson
2022-10-21 13:54:55 +02:00
committed by GitHub
parent af17123b5f
commit 6f8fcae01b
20 changed files with 198 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/middleware/middleware_test.go
View File

@ -538,6 +538,11 @@ func TestMiddlewareContext(t *testing.T) {
assert.True(t, sc.context.IsSignedIn)
assert.Equal(t, userID, sc.context.UserID)
assert.Equal(t, orgID, sc.context.OrgID)
list := contexthandler.AuthHTTPHeaderListFromContext(sc.context.Req.Context())
require.NotNil(t, list)
require.Contains(t, list.Items, sc.cfg.AuthProxyHeaderName)
require.Contains(t, list.Items, "X-WEBAUTH-GROUPS")
require.Contains(t, list.Items, "X-WEBAUTH-ROLE")
}, func(cfg *setting.Cfg) {
configure(cfg)
cfg.LDAPEnabled = false