Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • arun/hacks
  • ankit.panchal/explore-buttons
  • rossetd-draft/test-vuereactcombined
  • ankit.panchal/gitlab-components-1
  • update-issue-template
  • ankit.panchal/bootstrap-react
  • ankit.panchal/vuera-draft
  • ankit.panchal/use-gitlab-buttons
  • ankit.panchal/draft
  • imurray-pajamas-GOUI-spike
  • rossetd/fonts-gl-ui
  • 152-check-feature-enablement-where-needed
  • arun/plugin-hacks
  • 159-show-default-page-in-case-observability-ui-is-failed-to-load
  • ankit.panchal/test-sandboxing
  • 144-allow-observability-url-in-csp-policies-for-issues
  • prozlach/devvm-branch-test
  • drosse-doc-upgrade-grafana
  • ankit.panchal/update-goui-7.5.17
  • v9.2.1
  • v0.0.0-test
  • v9.2.0
  • v9.1.8
  • v9.1.7
  • v7.5.17
  • v9.2.0-beta1
  • v9.0.9
  • v9.1.6
  • v8.5.13
  • v9.1.5
  • v9.1.4
  • v9.1.3
  • v9.0.8
  • v9.1.2
  • v9.1.1
  • v9.1.0
  • v9.0.7
  • v8.5.10
  • v9.1.0-beta1
40 results

main.go

  • Matt Bostock's avatar
    16c5d0e4
    Always verify TLS unless explicitly told otherwise · 16c5d0e4
    Matt Bostock authored
    TLS was not being verified in a number of places:
    
    - connections to grafana.com
    
    - connections to OAuth providers when TLS client authentication was
      enabled
    
    - connections to self-hosted Grafana installations when using the CLI
      tool
    
    TLS should always be verified unless the user explicitly enables an
    option to skip verification.
    
    Removes some instances where `InsecureSkipVerify` is explicitly set to
    `false`, the default, to help avoid confusion and make it more difficult
    to regress on this fix by accident.
    
    Adds a `--insecure` flag to `grafana-cli` to skip TLS verification.
    
    Adds a `tls_skip_verify_insecure` setting for OAuth.
    
    Adds a `app_tls_skip_verify_insecure` setting under a new `[plugins]`
    section.
    
    I'm not super happy with the way the global setting is used by
    `pkg/api/app_routes.go` but that seems to be the existing pattern used.
    16c5d0e4
    History
    Always verify TLS unless explicitly told otherwise
    Matt Bostock authored
    TLS was not being verified in a number of places:
    
    - connections to grafana.com
    
    - connections to OAuth providers when TLS client authentication was
      enabled
    
    - connections to self-hosted Grafana installations when using the CLI
      tool
    
    TLS should always be verified unless the user explicitly enables an
    option to skip verification.
    
    Removes some instances where `InsecureSkipVerify` is explicitly set to
    `false`, the default, to help avoid confusion and make it more difficult
    to regress on this fix by accident.
    
    Adds a `--insecure` flag to `grafana-cli` to skip TLS verification.
    
    Adds a `tls_skip_verify_insecure` setting for OAuth.
    
    Adds a `app_tls_skip_verify_insecure` setting under a new `[plugins]`
    section.
    
    I'm not super happy with the way the global setting is used by
    `pkg/api/app_routes.go` but that seems to be the existing pattern used.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.