Bypass `Content-Security-Policy`

[LucBerge]

Hello, I am using the MongoDB data source to read data from my mongoDB. I have installed the "Data Manipulation" plugin to be able to update my documents in the database.

I have configured the form to send a POST request to the following endpoint https://eu-west-2.aws.data.mongodb-api.com/app/data-knsvx/endpoint/update

The endpoint is working as expected because I am able to perform a POST request from my PC but it is not working from the Grafana.

I have the following error:

Content-Security-Policy : The page’s settings blocked the loading of a resource (connect-src) at https://eu-west-2.aws.data.mongodb-api.com/app/data-knsvx/endpoint/update because it violates the following directive: “connect-src 'self' https://grafana.com/ https://dc.services.visualstudio.com/”

Grafana is by default blocking request to unknown urls. Regarding the official documentation, I should be able to update the Content-Security-Policy to allow the traffic. The problem is that I am using an Azure Managed Grafana and it is currently not possible to update this setting.

1. How can I update my document in MongoDB without touching to the Content Security Policy?
2. Can I use the Grafana API to update a document to MongoDB? (Only find and aggregate methods are available)
3. Is it possible to update Grafana settings from Javascript? (content_security_policy_template)
4. Do you have any workaround to propose?

[vitPinchuk]

Hi, @LucBerge Thanks for question. To solve the cors problem, there are 2 possible options: 1) If you have access to the server, you can allow cors 2) you can use MongoDB data source and use MongoDB data source under 'Initial Request' -> 'Data source' or 'Update Request' -> 'Data source' The payload configuration for 'Update Request' is done in the 'Update Request Payload' section