Allowed Hosts

[yesoreyeram]

This is about the breaking change introduces in version 1.0.0 of the plugin.

Authentication & Allowed host URLs

If you are using any APIs/URLs that require authentication, You will now need to specify the list of allowed Host URLs in the config. This change is introduced to allow additional security to your endpoints.

To migrate your existing datasources, add allowed URLs/allowed Hosts in the datasource configuration section. Example: If you are using https://foo.com/some/path?id=123 which require authentication, you will need to add https://foo.com in the allowed hosts list.

Examples:

If your datasource is provisioned, then you have to add the following to your provisioning yaml file.

jsonData:
  allowedHosts:
    - https://foo.com

If the allowed hosts are not configured correctly, you will get Datasource is missing allowed hosts/URLs. Configure it in the datasource settings page. Datasource Name error when performing the query.

[naiemeh]

Hello, I'm new in this plugin,
Can you help me how did you pass user and password to your API?

[yesoreyeram]

In the datasoruce configuration section, you can specify username and password under auth/ basic auth section.

[megha0007]

What if I wan to allow all hosts

[yesoreyeram]

All the hosts are allowed when there is no authentication specified. For security reasons, it is a best practice you need to specify allowed hosts.

[AbdurRashidMondal]

still not working in case of Freshdesk api

[yesoreyeram]

This comment doesn't help. Can you elaborate what you tried and what error you are getting? Any reference documents?

[cyril-nmpro]

what exactly is "Allowed Hosts"? Normally we set such a setting when we want to restrict the client IPs that can invoke the api, like in a firewall. But your "Allowed Hosts" is asking to add the base url. But why do I have to add the base url in security section, when I already added the base url in the "Base Url" section?
In any case, the curl command is being executed by grafana hosted server, and server belongs to me, and I am the only one using it. So why is this security section needed?

[yesoreyeram]

Alright. Sorry for the confusion. Infinity is designed to take any arbitrary URL from the query and configuring base URL in config page was deprecated and later removed the deprecation based on community requests. So when there is no base URL configured, to protect the API credentials it was necessary to add allowed hosts. There is a backlog item i need to work on where we can ignore allowed hosts warning when there is base URL configured. ( Note: Not every API / grafana servers have the luxury of setting firewall and other security mechanisms. So this is just one step to help such use-cases )

again, Thank you for trying the plugin and providing the feedback.