Elasticsearch datasource withCredentials doesn't seem to send cookie

I have an elastic datasource configured with “withCredentials:true” and my elastic is in another domain but the grafana dashboard doesn’t seem to send the cookie to the elastic server. Am I missing something or is this a bug?


Make sure that you use the proxy access in data source configuration. Otherwise there can be problems with CORS and authentication since the browser are responsible for negotiating this so no way for Grafana to include authentication details in that CORS HEAD request.


Yes it can. When defining the ElasticSearch datasource, it’s enforced, I can see a SSO cookie forwarded when it’s checked.
But when defining a dashboard that uses that source, the cookie is not used any more. So grafana should be consistent. Either remove it from the source definition or add it to the dashboard definition.
What is missing is that https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials in the dashboard too.

But when defining the datasource it’s testing by doing a get request. Could it be that you hit CORS problem when rendering dashboard -since it does POST requests to actually search and retrieve metrics from elasticsearch? If you look in console tab of chrome dev tools when render your dashboard - do you get any errors?

I gave all the details in a issue I just opened: https://github.com/grafana/grafana/issues/12127.

The missing feature is explained in https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials:

The XMLHttpRequest.withCredentials property is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.

1 Like