* ProxyUtil: Populate X-Grafana-Referer header
* ProxyUtil: Move Referer/Origin header removal
So that the removal and setting X-Grafana-Referer logic applies to all
proxied requests and not just datasource proxy.
* ProxyUtil: Test to guard against multiline headers
* ProxyUtil: Explicitly check injected header isn't parsed
* Plugins: Remove support for V1 manifests
* Plugins: Make proxy endpoints not leak sensitive HTTP headers
* Security: Fix do not forward login cookie in outgoing requests
(cherry picked from commit 4539c33fce5ef23badb08ebcbc09cb0cecb1f539)
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
For a proxied request, e.g. Grafana's datasource or plugin proxy:
If the request is cancelled, e.g. from the browser, the HTTP status code is
now 499 Client closed request instead of 502 Bad gateway.
If the request times out, e.g. takes longer time than allowed, the HTTP status
code is now 504 Gateway timeout instead of 502 Bad gateway.
This also means that request metrics and logs will get their status codes
adjusted according to above.
Fixes#46337Fixes#46338
