isAuth seems to be true even if not set in the panel editor

[chof747]

When I try to execute a REST call to my home assistant server I get the following error from the preflight request:

Credentials flag is true, but Access-Control-Allow-Credentials is not "true".

I have configured my home assistant server with the correct cors_allowed_origins I am using the following headers:

Authorization: Bearer (my home assistant token)

Authentication switch is turned off and the request is a POST request with a valid json which works fine if I try it with another HTTP client.

[maxdd]

I'm also experiencing something strange

    Access to fetch at 'http://192.168.188.99/status' from origin 'http://192.168.1.52:8087' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
    ButtonPanel.tsx:147          GET http://192.168.188.99/status net::ERR_FAILED 200
    onClick @ ButtonPanel.tsx:147
    He @ react-dom.production.min.js:52
    Ke @ react-dom.production.min.js:52
    (anonymous) @ react-dom.production.min.js:53
    Er @ react-dom.production.min.js:100
    Sr @ react-dom.production.min.js:101
    (anonymous) @ react-dom.production.min.js:113
    Ie @ react-dom.production.min.js:292
    (anonymous) @ react-dom.production.min.js:50
    Rr @ react-dom.production.min.js:105
    Jt @ react-dom.production.min.js:75
    Xt @ react-dom.production.min.js:74
    t.unstable_runWithPriority @ scheduler.production.min.js:18
    Uo @ react-dom.production.min.js:122
    Ne @ react-dom.production.min.js:292
    $t @ react-dom.production.min.js:73
    ButtonPanel.tsx:171 Request error:  TypeError: Failed to fetch
        at onClick (ButtonPanel.tsx:147:7)
        at Object.He (react-dom.production.min.js:52:317)
        at Ke (react-dom.production.min.js:52:471)
        at react-dom.production.min.js:53:35
        at Er (react-dom.production.min.js:100:68)
        at Sr (react-dom.production.min.js:101:380)
        at react-dom.production.min.js:113:65
        at Ie (react-dom.production.min.js:292:189)
        at react-dom.production.min.js:50:57
        at Rr (react-dom.production.min.js:105:469)

i have currently set the authentication switch off but it seems like the panel is still enforcing proper cors rules.
Can this be removed?

[thegitarist]

i had similar problems. seems that this was fixed, but not republished:

if (options.isAuth) {
      fetchOpts.credentials = 'include';
      requestHeaders.set('Authorization', 'Basic ' + btoa(options.username + ':' + options.password));
    }

LINK

Can someone just republish this?

[thegitarist]

this is implemented in v7.0.25 but the published version (grafana.com) is v7.0.23. So any automated (e.g. via docker) or manual (via UI) fetches v7.0.23 by default.

would be great, if someone can publish v7.0.25 @ grafana.com

[byroncoetsee]

@derjust any chance we can republish to Grafana? Or is there a way someone else can? Would be great to use this.
Thanks