Trying to add a direct Prometheus datasource, but have some issues when using basic auth.
Prometheus is not checking auth on the OPTIONS request, so this is returned with a 204, however it does not follow up with any GET request.
An image of the the OPTIONS request is added, with all response/request headers.
Failed to load https://PROMETHEUS_URL/api/v1/label/__name__/values: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'https://GRAFANA_URL' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
How can I solve this if I need the Origin to be a wildcard?
Its running behind https://github.com/bitly/oauth2_proxy, where -skip-preflight-auth is enabling disabling authentication on the OPTIONS request. The issue is that its returning a wildcard on the origin, and this is causing an error in Grafana.
Typo by me here on the community forum the actual flag enabled is -skip-auth-preflight I could also see the change in grafana when I turned it on, since the OPTIONS request now returns a 204.
But Grafana is not involved in the OPTIONS request. It’s something that the browser do because of CORS. So I don’t think that there is something more we can do in Grafana to support this.
If you have any ideas you’re more than welcome to contribute