Issue with direct Prometheus datasource with basic auth

Trying to add a direct Prometheus datasource, but have some issues when using basic auth.
Prometheus is not checking auth on the OPTIONS request, so this is returned with a 204, however it does not follow up with any GET request.

An image of the the OPTIONS request is added, with all response/request headers.

Did find an error here:

Failed to load https://PROMETHEUS_URL/api/v1/label/__name__/values: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'https://GRAFANA_URL' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

How can I solve this if I need the Origin to be a wildcard?

Hi,

Prometheus don’t have any support for authentication as far as I know. Are you running Grafana and Prometheus behind some sort of proxy?

Marcus

Yeah

Its running behind https://github.com/bitly/oauth2_proxy, where -skip-preflight-auth is enabling disabling authentication on the OPTIONS request. The issue is that its returning a wildcard on the origin, and this is causing an error in Grafana.

Hi,

Looking at the proxy your using it clearly states

-skip-auth-preflight: will skip authentication for OPTIONS requests

However you mention you’re using -skip-preflight-auth

Marcus

Yes I have enableded -skip-preflight-auth such that OPTIONS requests can pass trough, as mentioned here.

https://github.com/grafana/grafana/issues/8605#issuecomment-308272459

Please note that you’ve seemed to introduced a typo

You’re using -skip-preflight-auth

The documentation says -skip-auth-preflight

Please try with -skip-auth-preflight instead of -skip-preflight-auth.

Marcus

Typo by me here on the community forum the actual flag enabled is -skip-auth-preflight I could also see the change in grafana when I turned it on, since the OPTIONS request now returns a 204.

Okay :+1:

But Grafana is not involved in the OPTIONS request. It’s something that the browser do because of CORS. So I don’t think that there is something more we can do in Grafana to support this.

If you have any ideas you’re more than welcome to contribute

Marcus