diff --git a/conf/defaults.ini b/conf/defaults.ini index 9d193808bc5..492525e6b5f 100644 --- a/conf/defaults.ini +++ b/conf/defaults.ini @@ -157,7 +157,7 @@ logging = false # How long the data proxy should wait before timing out default is 30 (seconds) timeout = 30 -# If enabled data proxy will add X-Grafana-User header with username into the request, default is false. +# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false. send_user_header = false #################################### Analytics ########################### diff --git a/conf/sample.ini b/conf/sample.ini index 2b8a4ec24fb..fd414c2af47 100644 --- a/conf/sample.ini +++ b/conf/sample.ini @@ -144,7 +144,7 @@ log_queries = # How long the data proxy should wait before timing out default is 30 (seconds) ;timeout = 30 -# If enabled data proxy will add X-Grafana-User header with username into the request, default is false. +# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false. ;send_user_header = false #################################### Analytics #################################### diff --git a/docs/sources/installation/configuration.md b/docs/sources/installation/configuration.md index 75a8ddee332..d94bacc5779 100644 --- a/docs/sources/installation/configuration.md +++ b/docs/sources/installation/configuration.md @@ -423,7 +423,7 @@ How long the data proxy should wait before timing out default is 30 (seconds) ### send_user_header -If enabled data proxy will add X-Grafana-User header with username into the request, default is false. +If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
diff --git a/pkg/api/pluginproxy/ds_proxy.go b/pkg/api/pluginproxy/ds_proxy.go index 6db09543ad0..3aec988f9e3 100644 --- a/pkg/api/pluginproxy/ds_proxy.go +++ b/pkg/api/pluginproxy/ds_proxy.go @@ -172,7 +172,7 @@ func (proxy *DataSourceProxy) getDirector() func(req *http.Request) { req.Header.Add("Authorization", dsAuth) } - if proxy.cfg.SendUserHeader { + if proxy.cfg.SendUserHeader && !proxy.ctx.SignedInUser.IsAnonymous { req.Header.Add("X-Grafana-User", proxy.ctx.SignedInUser.Login) } diff --git a/pkg/api/pluginproxy/ds_proxy_test.go b/pkg/api/pluginproxy/ds_proxy_test.go index f0c560ccb0a..bfad7d5670d 100644 --- a/pkg/api/pluginproxy/ds_proxy_test.go +++ b/pkg/api/pluginproxy/ds_proxy_test.go @@ -417,6 +417,19 @@ func TestDSRouteRule(t *testing.T) { So(req.Header.Get("X-Grafana-User"), ShouldEqual, "") }) }) + + Convey("When SendUserHeader config is enabled but user is anonymous", func() { + req := getDatasourceProxiedRequest( + &m.ReqContext{ + SignedInUser: &m.SignedInUser{IsAnonymous: true}, + }, + &setting.Cfg{SendUserHeader: true}, + ) + Convey("Should not add header with username", func() { + // Get will return empty string even if header is not set + So(req.Header.Get("X-Grafana-User"), ShouldEqual, "") + }) + }) }) } diff --git a/pkg/api/pluginproxy/pluginproxy.go b/pkg/api/pluginproxy/pluginproxy.go index db29fa122b5..5ee59017a82 100644 --- a/pkg/api/pluginproxy/pluginproxy.go +++ b/pkg/api/pluginproxy/pluginproxy.go @@ -80,7 +80,7 @@ func NewApiPluginProxy(ctx *m.ReqContext, proxyPath string, route *plugins.AppPl req.Header.Add("X-Grafana-Context", string(ctxJson)) - if cfg.SendUserHeader { + if cfg.SendUserHeader && !ctx.SignedInUser.IsAnonymous { req.Header.Add("X-Grafana-User", ctx.SignedInUser.Login) } diff --git a/pkg/api/pluginproxy/pluginproxy_test.go b/pkg/api/pluginproxy/pluginproxy_test.go index 9109897d61e..e4a4fdb25ba 100644 --- a/pkg/api/pluginproxy/pluginproxy_test.go +++ b/pkg/api/pluginproxy/pluginproxy_test.go @@ -75,6 +75,20 @@ func TestPluginProxy(t *testing.T) { So(req.Header.Get("X-Grafana-User"), ShouldEqual, "") }) }) + + Convey("When SendUserHeader config is enabled but user is anonymous", t, func() { + req := getPluginProxiedRequest( + &m.ReqContext{ + SignedInUser: &m.SignedInUser{IsAnonymous: true}, + }, + &setting.Cfg{SendUserHeader: true}, + ) + + Convey("Should not add header with username", func() { + // Get will return empty string even if header is not set + So(req.Header.Get("X-Grafana-User"), ShouldEqual, "") + }) + }) } // getPluginProxiedRequest is a helper for easier setup of tests based on global config and ReqContext.