Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dashboards: How to disable /api/search? #87888

Open
freetime007 opened this issue May 15, 2024 · 3 comments
Open

Dashboards: How to disable /api/search? #87888

freetime007 opened this issue May 15, 2024 · 3 comments
Labels
area/dashboard team/grafana-dashboards Dashboards squad triage/needs-confirmation used for OSS triage rotation - reported issue needs to be reproduced

Comments

@freetime007
Copy link

freetime007 commented May 15, 2024
edited

What happened?

Whenever the page is accessed, it automatically loads
HTTP GET "/api/search?limit=5&dashboardUID=xxx&dashboardUID=yyy"
How can I avoid duplicate dashboardUID or disable it?

What did you expect to happen?

avoid or disable it

Did this work before?

No

How do we reproduce it?

1.reload page, and use browser tools

Environment (with versions)?

Grafana: 9.4.3
OS:windows/mac
Browser: Edge,chrome

Grafana platform?

A downloaded binary
@tonypowa tonypowa added the needs more info Issue needs more information, like query results, dashboard or panel json, grafana version etc label Jun 3, 2024
@tonypowa
Copy link
Contributor

tonypowa commented Jun 3, 2024

Hi @freetime007
Thank you for creating this issue

Can you elaborate on why you would disable that api call? How does it impact the functionality or performance?

@freetime007
Copy link
Author

Hi @tonypowa
Due to security scans identifying the following risks caused by the API:
/api/search/dashboardUID=xxxx&dashboardUID=yyyy&dashboardUID=zzzz

The report shows:
OWASP A6:2017-Security Misconfiguration
HTTP Protocol Constraints-HTTP Duplicated Parameter Name

I would like to ask how to configure or modify this? Thanks

@tonypowa
Copy link
Contributor

tonypowa commented Jun 3, 2024

Thanks for your answer
I am not sure if that's possible, so I am routing this issue to the dashboard team for review.

@tonypowa tonypowa added area/dashboard triage/needs-confirmation used for OSS triage rotation - reported issue needs to be reproduced and removed needs more info Issue needs more information, like query results, dashboard or panel json, grafana version etc labels Jun 3, 2024
@grafanabot grafanabot added the team/grafana-dashboards Dashboards squad label Jun 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/dashboard team/grafana-dashboards Dashboards squad triage/needs-confirmation used for OSS triage rotation - reported issue needs to be reproduced
Projects
Dashboards
Status: 🗂️ Needs Triage / Escalation
Milestone
No milestone
Development

No branches or pull requests
3 participants
@grafanabot @tonypowa @freetime007