r/grafana: Fix Origin not allowed error

Grafana 8.3.5 introduced a new CSRF protection mechanism that requires the value of the Host HTTP request header to be preserved from the original client request. https://github.com/grafana/grafana/issues/45117#issuecomment-1033842787
2022-07-24 10:07:45 -05:00
parent 3e8da609e7
commit be4bbc0092
3 changed files with 3 additions and 1 deletions
--- a/roles/grafana/defaults/main.yml
+++ b/roles/grafana/defaults/main.yml
@@ -1,3 +1,4 @@
+grafana_domain: '{{ ansible_fqdn }}'
 grafana_ldap_enabled: false
 grafana_http_addr:
 grafana_ldap_host: 127.0.0.1
--- a/roles/grafana/files/grafana.nginx.conf
+++ b/roles/grafana/files/grafana.nginx.conf
@@ -1,3 +1,4 @@
 location / {
    proxy_pass http://[::1]:3000/;
+    proxy_set_header Host $http_host;
 }
--- a/roles/grafana/templates/grafana.ini.j2
+++ b/roles/grafana/templates/grafana.ini.j2
@@ -38,7 +38,7 @@ http_addr = {{ grafana_http_addr }}
 http_port = 3000

 # The public facing domain name used to access grafana from a browser
-domain = localhost
+domain = {{ grafana_domain }}

 # Redirect to correct domain if host header does not match domain
 # Prevents DNS rebinding attacks