Grafana returns invalid API key if Authorization header is set #4
Comments
|
I think actually headers don't make sense because when Grafana requests assets (JS/CSS files), it will not pass the headers. Cookies are the only viable option. |
|
Your right we don't use the header part so I dont think I tested it properly. Maybe we could change the authorization header to something custom (and configurable)? |
|
Excluding static assets from the check could work. I think cookies is fine though. It works perfectly if you understand how to use it :) I am writing a blog post to help because I found it quite confusing. https://docs.google.com/document/d/1mk9nMoJA3rWYzsGUY1kLQkyAo5zEewGGWnv_GxJQSgs/edit?usp=sharing |
|
Great to hear that, let me know when you publish it so I can link it here. I will see what I can do about the header next week. But yeah if you don't modify the frontend part of grafana, the only way to make it work is with cookies. |
It seems to work if I remove the Authorization header
as a quick win, I'd suggest changing the README to suggest not using Authorization as the header.
The text was updated successfully, but these errors were encountered: