datasophon
[Improvement][api] grafana security upgrade
Search before asking
- [X] I had searched in the issues and found no similar feature requirement.
Description
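The monitoring dashboards are currently embedded directly via an iframe that points at Grafana's share page.
If the iframe is copied directly, it can still be opened, which is a security problem.
Permissions should be checked on the backend, which then proxies to Grafana.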
Are you willing to submit a PR?
- [X] Yes I am willing to submit a PR!
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
What security issues exist and what impact will it have? Can you tell us?
The requirement is to minimize port usage, and the front-end application must go through account and password verification.
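The approach requested in this issue (check the session on the backend, then proxy to Grafana, with only one exposed port), as an added example; it is not datasophon code. The cookie name `SESSION`, the `monitor:view` permission, the session table and both addresses are assumptions made for illustration.

```python
import http.server
import urllib.error
import urllib.request
from http.cookies import SimpleCookie

# Assumptions (not from the project): Grafana listens on loopback only, the
# web app sets a "SESSION" cookie, and dashboards need a "monitor:view" right.
GRAFANA = "http://127.0.0.1:3000"
PREFIX = "/grafana/"
SESSIONS = {"constructed-sid-1": {"monitor:view"}, "constructed-sid-2": set()}

def authorize(path, cookie_header, sessions=SESSIONS):
    """Decide what to do with a request: (status, upstream URL or None)."""
    cookies = SimpleCookie(cookie_header or "")
    sid = cookies["SESSION"].value if "SESSION" in cookies else None
    if sid not in sessions:
        return 401, None                      # copied iframe URL, no login
    if "monitor:view" not in sessions[sid]:
        return 403, None                      # logged in, but not allowed
    if not path.startswith(PREFIX):
        return 404, None                      # only the Grafana subtree is proxied
    # Host and port are fixed here; the client only controls the path part.
    return 200, GRAFANA + "/" + path[len(PREFIX):]

class GrafanaProxy(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        status, upstream = authorize(self.path, self.headers.get("Cookie"))
        if upstream is None:
            self.send_error(status)
            return
        try:
            # The application's session cookie is deliberately not forwarded.
            with urllib.request.urlopen(upstream, timeout=5) as resp:
                code, body = resp.status, resp.read()
                ctype = resp.headers.get("Content-Type", "text/html")
        except urllib.error.HTTPError as err:
            code, body, ctype = err.code, err.read(), "text/plain"
        except OSError:
            self.send_error(502)              # Grafana unreachable
            return
        self.send_response(code)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    # Only this port is exposed; the iframe src becomes /grafana/... on it.
    http.server.ThreadingHTTPServer(("0.0.0.0", 8080), GrafanaProxy).serve_forever()
```

With this layout the iframe URL is same-origin with the application, so a copied link opened without a valid session gets a 401 instead of the dashboard.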