hassio-addons / addon-grafana

Grafana - Home Assistant Community Add-ons
https://addons.community
MIT License

Document anonymous access and limitations #101

Closed deviantintegral closed 3 years ago

deviantintegral commented 3 years ago

Proposed Changes

This follows up from my question at #100 with notes on how to set up local access and limitations for cloud access. Link to the rendered version in this PR.

frenck commented 3 years ago

Additionally requested a review from @sinclairpaul, he knows the most about this.

sinclairpaul commented 3 years ago

Grafana supports publishing snapshots I believe, which automatically sets up anonymous access, wouldn't that be the preferred approach rather than essentially opening the instance to anyone?

I haven't looked at it in detail, so may need some config adjustment to function, but the details can be found at:

https://grafana.com/docs/grafana/latest/sharing/share-panel/

I will also add, I'm really not a fan of iFraming anything, and as browser security becomes stricter it becomes more challenging. We should probably at least add a note around samesite config.

deviantintegral commented 3 years ago

Thanks for the review.

> Grafana supports publishing snapshots I believe, which automatically sets up anonymous access, wouldn't that be the preferred approach rather than essentially opening the instance to anyone?

The issue with that feature is that it limits the data to what the snapshot was created with. It doesn't expose data logged after the snapshot was created. The other option is embeds, but those are tied to your authentication state.

The share panel offers embeds which are meant to be accessed through an iframe, but they're tied to the authentication state.

deviantintegral commented 3 years ago

Re iframes, how about I link that to https://grafana.com/docs/grafana/latest/sharing/share-panel/#embed-panel so it's clear that's what I'm referring to? I assume for same-site that Grafana explicitly doesn't set that given their examples use iframes.

sinclairpaul commented 3 years ago

Thanks, if the snapshot links aren't updated it makes sense.

My only last comment is linking to forum posts that could vanish, maybe? Other than that I am good.

Edit - by same-site I mean people adding an iframe for http://192.1.1.1/mygrafana, then try and access it from https://my.home.com

frenck commented 3 years ago

Yeah, I agree with @sinclairpaul there.

sinclairpaul commented 3 years ago

Just one last thought, Grafana does offer API auth, does this work for dashboards?

https://grafana.com/docs/grafana/latest/http_api/auth/

Sorry it took me a while to find it (I thought it was there somewhere), it looks like it can be passed as Basic Auth, and may be preferable to opening the whole instance up.

deviantintegral commented 3 years ago

If the point is to give access to viewers to the Grafana dashboards, I don't think HTTP basic will help. For example, Safari no longer passes through credentials in a URL as HTTP basic headers, requiring the user to put them in again.

github-actions[bot] commented 3 years ago

There hasn't been any activity on this pull request recently. This pull request has been automatically marked as stale because of that and will be closed if no further activity occurs within 7 days. Thank you for your contributions.

deviantintegral commented 3 years ago

I think we're pretty close here! Let me know if there's anything else to do.