allow_embedding: true   # Default is false, to prevent clickjacking; if not set, the browser refuses to display the iframe
cookie_samesite: none   # If not set, the login function cannot be used
cookie_secure: true     # if you're using https and let us know how that works out.
cookie_secure Set to true if you host Grafana behind HTTPS. Default is false.
cookie_samesite Sets the SameSite cookie attribute and prevents the browser from sending this cookie along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage. This setting also provides some protection against cross-site request forgery attacks (CSRF), read more about SameSite here. Valid values are lax, strict, none, and disabled. Default is lax. Using value disabled does not add any SameSite attribute to cookies.
allow_embedding When false, the HTTP header X-Frame-Options: deny will be set in Grafana HTTP responses which will instruct browsers to not allow rendering Grafana in a <frame>, <iframe>, <embed> or <object>. The main goal is to mitigate the risk of Clickjacking. Default is false.
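The following check is an added example, not code from Grafana or from the original note. It audits the three settings described above and reports the interactions that matter when embedding. It assumes the settings live in the [security] section of grafana.ini; the sample configuration is constructed, and the function name audit_security is hypothetical.

```python
import configparser

# Constructed sample: the three settings from this page, assumed to live in
# the [security] section of grafana.ini.
SAMPLE_INI = """
[security]
allow_embedding = true
cookie_samesite = none
cookie_secure = false
"""

# Defaults and valid values as stated in the documentation quoted above.
DEFAULTS = {"allow_embedding": "false", "cookie_samesite": "lax",
            "cookie_secure": "false"}
VALID_SAMESITE = {"lax", "strict", "none", "disabled"}


def audit_security(ini_text):
    """Return (setting, finding) tuples for the embedding-related settings."""
    parser = configparser.ConfigParser(inline_comment_prefixes=("#", ";"),
                                       interpolation=None)
    parser.read_string(ini_text)
    sec = dict(DEFAULTS)
    if parser.has_section("security"):
        sec.update({k: v.strip().lower()
                    for k, v in parser["security"].items() if k in DEFAULTS})
    embedding = sec["allow_embedding"] == "true"
    samesite = sec["cookie_samesite"]
    secure = sec["cookie_secure"] == "true"

    findings = []
    if samesite not in VALID_SAMESITE:
        findings.append(("cookie_samesite", f"invalid value {samesite!r}"))
    if embedding:
        findings.append(("allow_embedding",
                         "X-Frame-Options: deny is not sent; clickjacking protection is off"))
    if samesite == "none" and not secure:
        findings.append(("cookie_secure",
                         "browsers such as Chrome reject SameSite=None cookies without Secure"))
    if samesite == "none":
        findings.append(("cookie_samesite",
                         "cookie is sent on cross-site requests; SameSite CSRF mitigation is off"))
    if embedding and samesite in ("lax", "strict"):
        findings.append(("cookie_samesite",
                         "cookie is not sent in a cross-site iframe; the embed shows the login page"))
    return findings


if __name__ == "__main__":
    for setting, finding in audit_security(SAMPLE_INI):
        print(f"{setting}: {finding}")
```

An empty result means the defaults are in effect: framing is denied and the session cookie stays SameSite=Lax.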
There is no way to do this and there is a big reason why. If you make one dashboard public, you will have to make your data source public (i.e. anyone can query against it). So any possible query for that data source can be issued, not just the queries used in the dashboard you made public.
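Based on preliminary research, the answer is that public access cannot be granted to a specific dashboard. The official issue tracker also has a reply on this question.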