From f0ab2ec50696a0108f4ac857b116ffb04f9cc236 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 15 Feb 2022 07:03:25 +0200
Subject: [PATCH] Add support for configuring allow_embedding for Grafana

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1626
---
 roles/matrix-grafana/defaults/main.yml        | 4 ++++
 roles/matrix-grafana/templates/grafana.ini.j2 | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml
index b1fba38f..25d796a2 100644
--- a/roles/matrix-grafana/defaults/main.yml
+++ b/roles/matrix-grafana/defaults/main.yml
@@ -22,6 +22,10 @@ matrix_grafana_data_path: "{{ matrix_grafana_base_path }}/data"
 # Allow viewing Grafana without logging in
 matrix_grafana_anonymous_access: false
 
+# Allow `false`, sends a `X-Frame-Options: deny` HTTP header, which allows Grafana from being embeded in a frame.
+# Read more here: https://grafana.com/docs/grafana/latest/administration/configuration/#allow_embedding
+matrix_grafana_allow_embedding: false
+
 # specify organization name that should be used for unauthenticated users
 # if you change this in the Grafana admin panel, this needs to be updated
 # to match to keep anonymous logins working
diff --git a/roles/matrix-grafana/templates/grafana.ini.j2 b/roles/matrix-grafana/templates/grafana.ini.j2
index 8f4c88f0..1e06683e 100644
--- a/roles/matrix-grafana/templates/grafana.ini.j2
+++ b/roles/matrix-grafana/templates/grafana.ini.j2
@@ -16,6 +16,8 @@ content_security_policy = "{{ matrix_grafana_content_security_policy }}"
 content_security_policy_template = """{{ matrix_grafana_content_security_policy_template }}"""
 {% endif %}
 
+allow_embedding = {{ matrix_grafana_allow_embedding }}
+
 [auth.anonymous]
 # enable anonymous access
 enabled = {{ matrix_grafana_anonymous_access }}