After update to 8.3.5: 'Origin not allowed' behind proxy

Last week Grafana worked without any problems, but after the update to 8.3.5 I cannot log in anymore. In the login screen, after entering my username and password a message appeared: ‘Origin not allowed’. In the grafana.log file I see a line:
lvl=eror msg="Failed to look up user based on cookie" logger=context error="user token not found"

This happens behind a proxy. If I connect directly (via port 3000) everytings works fine.
Any ideas?

1 Like

Hello :wave: and welcome to the forum, @jaapd

This is a known issue with 8.3.6. See this github issue for a workaround.

tl:dr: try adding proxy_set_header Host $http_host; to your config above proxy_pass:


Thanks, it works again!

1 Like

Hi I upgraded from 8.1 to 8.4.1 but I am still facing this ‘Origin Not Allowed’ error even after adding proxy_set_header Host $http_host; in Nginx config file the server block is listening on 443

listen 443 ssl;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
root /usr/share/nginx/html;
index index.html index.htm;

location / {
proxy_set_header Host $http_host; //added after upgrade from 8.1 to 8.4.1 for origin not allowed error

proxy_pass https://localhost:3000/;


Its still showing Origin Not Allowed Error

Still the same error even after adding the line in my vhost. Any other suggestions?

Hello hello :wave:

I’m running Grafana 8.4.2 on a KinD cluster inside Github Codespaces, I’m not sure I have access to any proxy in that environment.

I get ‘Origin not allowed’ when testing a Prometheus datasource running on the same namespace. (Although metric auto-completion works :thinking: )

Is there a workaround for such case?


In addition to this, on apache2 u add the following line

ProxyPreserveHost On

1 Like

You sould restart nginx, sudo sudo systemctl restart nginx.service

I found a way workaround for myself and you can try this:
in your Nginx configuration file using the real domain name replace the $http_host and restart Nginx

# proxy_set_header Host $http_host;
proxy_set_header Host;

It worked for me, hope it can help you also.

1 Like

This worked, Thanks !!

Did you get a work around for this? Have a similar issue in an AKS cluster at the moment

1 Like

Thanks, valid solution for 9.0.3 as well. :smiley: