When allow_embedding is false (default) the Grafana backend
will set the http header `X-Frame-Options: deny` in all responses
to non-static content which will instruct browser to not allow
Grafana to be embedded in `<frame>`, `<iframe>`,
`<embed>` or `<object>`.
Closes#14189
Currently all API requests set Cache-control: no-cache to avoid browsers
caching sensitive data. This fixes so that all responses returned from
backend not are cached using http headers. The exception is the data proxy
where we don't add these http headers in case datasource backend needs
to control whether data can be cached or not.
Fixes#16845
* Chore: remove session storage references
* Small refactoring of the settings module
* Update docs - remove references for the session storage
* Update config files (sample and default configs)
* Add tests for warning during the config load on defined storage cache
* Remove all references to session storage
* Remove macaron session dependency
* Remove leftovers
* Fix: address review comments
* Fix: remove old deps
* Fix: add skipStaticRootValidation = true to tests
* Fix: improve the docs and warning message
As per discussion in here - https://github.com/grafana/grafana/pull/16445/files#r273026255
* Chore: make linter happy
Fixes#16148
Ref #16114
* Chore: refactor auth proxy
Introduced the helper struct for auth_proxy middleware.
Added couple unit-tests, but it seems "integration" tests already cover
most of the code paths.
Although it might be good idea to test every bit of it, hm.
Haven't refactored the extraction of the header logic that much
Fixes#16147
* Fix: make linters happy
I removed some code, and commented out other one.
See,
$ gometalinter --vendor --disable-all --disable=gotype --enable=megacheck --deadline 6m ./... | grep unused
pkg/api/avatar/avatar.go💯26⚠️ func (*CacheServer).mustInt is unused (U1000) (megacheck)
pkg/api/folder_test.go:136:6⚠️ func callGetFolderByUID is unused (U1000) (megacheck)
pkg/api/folder_test.go:141:6⚠️ func callDeleteFolder is unused (U1000) (megacheck)
pkg/api/live/hub.go:40:15⚠️ func (*hub).removeConnection is unused (U1000) (megacheck)
pkg/components/imguploader/azureblobuploader.go:130:5⚠️ var client is unused (U1000) (megacheck)
pkg/middleware/middleware_test.go:438:28⚠️ func (*scenarioContext).withInvalidApiKey is unused (U1000) (megacheck)
pkg/services/alerting/ticker.go:40:18⚠️ func (*Ticker).updateOffset is unused (U1000) (megacheck)
pkg/services/notifications/notifications_test.go:12:6⚠️ type testTriggeredAlert is unused (U1000) (megacheck)
pkg/services/sqlstore/dashboard_service_integration_test.go:935:6⚠️ type scenarioContext is unused (U1000) (megacheck)
pkg/services/sqlstore/dashboard_service_integration_test.go:939:6⚠️ type scenarioFunc is unused (U1000) (megacheck)
pkg/services/sqlstore/dashboard_service_integration_test.go:941:6⚠️ func dashboardGuardianScenario is unused (U1000) (megacheck)
pkg/services/sqlstore/transactions_test.go:13:6⚠️ type testQuery is unused (U1000) (megacheck)
This commit fixes the following golint warnings:
pkg/bus/bus.go:64:9: if block ends with a return statement, so drop this else and outdent its block
pkg/bus/bus.go:84:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:137:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:177:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:183:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:199:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:208:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/components/dynmap/dynmap.go:236:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:242:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:257:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:263:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:278:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:284:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:299:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:331:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:350:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:356:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:366:12: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:390:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:396:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:405:12: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:427:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:433:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:442:12: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:459:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:465:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:474:12: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:491:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:497:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:506:12: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:523:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:529:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:538:12: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:555:9: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:561:10: if block ends with a return statement, so drop this else and outdent its block
pkg/components/dynmap/dynmap.go:570:12: if block ends with a return statement, so drop this else and outdent its block
pkg/login/ldap.go:55:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/login/ldap_test.go:372:10: if block ends with a return statement, so drop this else and outdent its block
pkg/middleware/middleware_test.go:213:12: if block ends with a return statement, so drop this else and outdent its block
pkg/plugins/dashboard_importer.go:153:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/plugins/dashboards_updater.go:39:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/plugins/dashboards_updater.go:121:10: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/plugins/plugins.go:210:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/plugins/plugins.go:235:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/services/alerting/eval_context.go:111:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/services/alerting/notifier.go:92:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/services/alerting/notifier.go:98:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/services/alerting/notifier.go:122:10: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/services/alerting/rule.go:108:10: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/services/alerting/rule.go:118:10: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/services/alerting/rule.go:121:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/services/alerting/notifiers/telegram.go:94:10: if block ends with a return statement, so drop this else and outdent its block
pkg/services/sqlstore/annotation.go:34:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/services/sqlstore/annotation.go:99:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/services/sqlstore/dashboard_test.go:107:13: if block ends with a return statement, so drop this else and outdent its block
pkg/services/sqlstore/plugin_setting.go:78:10: if block ends with a return statement, so drop this else and outdent its block
pkg/services/sqlstore/preferences.go:91:10: if block ends with a return statement, so drop this else and outdent its block
pkg/services/sqlstore/user.go:50:10: if block ends with a return statement, so drop this else and outdent its block
pkg/services/sqlstore/migrator/migrator.go:106:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/services/sqlstore/migrator/postgres_dialect.go:48:10: if block ends with a return statement, so drop this else and outdent its block
pkg/tsdb/time_range.go:59:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/tsdb/time_range.go:67:9: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
pkg/tsdb/cloudwatch/metric_find_query.go:225:9: if block ends with a return statement, so drop this else and outdent its block
pkg/util/filepath.go:68:11: if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
This changes forks the mysql part of the Macaron session middleware.
In the forked mysql file:
- takes in a config setting for SetConnMaxLifetime (this solves wait_timeout
problem if it is set to a shorter interval than wait_timeout)
- removes the panic when an error is returned in the Exist function.
- retries the exist query once
- retries the GC query once
If legacy backend routes (/dashboard/db/<slug> and /dashboard-solo/db/<slug>)
are requested we try to redirect to new routes with a 301 Moved Permanently
#7883
Fixes#5356. Internet Explorer aggressively caches GET requests which
means that all API calls fetching data are cached. This fix adds a
Cache-Control header with the value no-cache to all GET requests to
the API.
- adds the option to use ldap groups for authorization in combination with an auth proxy
- adds an option to limit where auth proxy requests come from by configure a list of ip's
- fixes a security issue, session could be reused
