Last week Grafana worked without any problems, but after the update to 8.3.5 I cannot log in anymore. In the login screen, after entering my username and password a message appeared: ‘Origin not allowed’. In the grafana.log file I see a line:
lvl=eror msg="Failed to look up user based on cookie" logger=context error="user token not found"
This happens behind a proxy. If I connect directly (via port 3000) everytings works fine.
Any ideas?
Hello 
and welcome to the forum, @jaapd
This is a known issue with 8.3.6. See this github issue for a workaround.
tl:dr: try adding proxy_set_header Host $http_host; to your config above proxy_pass:
Hi I upgraded from 8.1 to 8.4.1 but I am still facing this ‘Origin Not Allowed’ error even after adding proxy_set_header Host $http_host; in Nginx config file the server block is listening on 443
server{
listen 443 ssl;
server_name example.com;
.
.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
root /usr/share/nginx/html;
index index.html index.htm;
location / {
proxy_set_header Host $http_host; //added after upgrade from 8.1 to 8.4.1 for origin not allowed error
proxy_pass https://community.grafana.com/;
}
Its still showing Origin Not Allowed Error
Still the same error even after adding the line in my vhost. Any other suggestions?
Hello hello
I’m running Grafana 8.4.2 on a KinD cluster inside Github Codespaces, I’m not sure I have access to any proxy in that environment.
I get ‘Origin not allowed’ when testing a Prometheus datasource running on the same namespace. (Although metric auto-completion works 
)
Is there a workaround for such case?
In addition to this, on apache2 u add the following line
…
ProxyPreserveHost On
ProxyPass http://127.0.0.1:3000/
ProxyPassReverse http://127.0.0.1:3000/
…
You sould restart nginx, sudo sudo systemctl restart nginx.service
I found a way workaround for myself and you can try this:
in your Nginx configuration file using the real domain name replace the $http_host and restart Nginx
# proxy_set_header Host $http_host;
proxy_set_header Host example.com;
It worked for me, hope it can help you also.
This worked, Thanks !!
Did you get a work around for this? Have a similar issue in an AKS cluster at the moment
Thanks, valid solution for 9.0.3 as well. 
Hi Guys,
The grafana (grafana-7.5.11-2.el8.rpm) package we have updated it to the below-mentioned version with dependency.
grafana-pcp-3.2.0-2.el8.x86_64.rpm
grafana-7.5.15-3.el8.x86_64.rpm
We are using “Graphite” as DB to connect with Grafana. It worked until we use old version (grafana-7.5.11-2.el8.rpm) and post to the update, the databse connection not worked.
During graphite connection, I get the error “origin not allowed”. also Attached here.
Could you please help us on fixing this issue…
Hi Experts,
We have upgraded grafana package from grafana-7.5.11-2.el8.rpm to grafana-7.5.15-3.el8.x86_64.rpm along with taking care of its dependency package to grafana-pcp-3.2.0-2.el8.x86_64.rpm, and we are seeing the same error “Origin not allowed” post upgrade.,
Actually, we are using “Graphite” as DB to connect with Grafana. It worked until we use old version (grafana-7.5.11-2.el8.rpm ) and post to the update to new version(7.5.15-3.el8.x86_64.rpm), the databse connection not worked. During graphite connection, I get the error “origin not allowed” as attached here.
Hi!
This is the correct way of fixing the issue. AMAZING!
I had been searching for an answer but based on using istio instead of nginx , so here’s the same config but with an Istio Virtual Service:
the proxy_set_header FQDN ( or $http_host ) in istio is configured in the http headers section
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
generation: 4
labels:
name: mynameofVS
namespace: mynamespace
spec:
gateways:
- mygateway
hosts:
- '*'
http:
- headers:
request:
add:
Host: my.fqdn.com
match:
- uri:
prefix: /grafana
route:
- destination:
host: grafana.svc
port:
number: 80