
For Label value privacy or hacking free, allow usage of Label Header instead of query ( X-Prom-Label-<label name> ) #76

Open
zucher opened this issue Aug 21, 2021 · 2 comments

zucher commented Aug 21, 2021

In case of custom parameter usage under Grafana, the "Explore" request uses the provided query param label directly in the request; hacking the request becomes possible in that case.

Allowing the label value to pass through an HTTP header is not impacted by this hack.

Suggestion:
X-Prom-Label-<label name> : xxxx

func (r *routes) enforceLabel(h http.HandlerFunc) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		lvalue := req.Header.Get("X-Prom-Label-" + r.label)
+		if lvalue == "" {
+			lvalue = req.URL.Query().Get(r.label)
+		}

		if lvalue == "" {
+			http.Error(w, fmt.Sprintf("Bad request. The %q query parameter or X-Prom-Label-%q header must be provided.", r.label, r.label), http.StatusBadRequest)
			return
		}
		req = req.WithContext(withLabelValue(req.Context(), lvalue))
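Review bot: the added `http.Error` line formats the header name with `%q`, so the message renders as `X-Prom-Label-"app"` rather than `"X-Prom-Label-app"`; either quote the concatenated name once (`%q` on `"X-Prom-Label-"+r.label`) or use `%s` inside literal quotes. A second problem in the same hunk: the header name is built from `r.label` verbatim, so a label such as `app_kubernetes_io_name` produces a header containing underscores, which some intermediaries (nginx does this by default) silently drop; the lookup then falls through to the query parameter, which is exactly the path this change is meant to avoid, so the name should be normalized when it is built. Finally, because the query parameter stays as a fallback, a deployment that relies on the header for isolation still accepts a caller-supplied query value whenever the header is absent; an option to disable the fallback would be worth adding alongside this.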

zucher commented Aug 24, 2021

It seems specific characters, like `_`, are not supported in header keys.
Instead of `X-Prom-Label-<label name>`

I suggest using:
```
X-Prom-Label-Key: xxxx
X-Prom-Label-Value: yyyy
```

or

```
X-Prom-Label: xxxx:yyyy
```

An alternative is to normalize the header name by replacing unexpected characters with other ones and putting everything in lower case.


zucher commented Aug 25, 2021

Final proposition:

```go
func (r *routes) enforceLabel(h http.HandlerFunc) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		// Map "_" to "-" so the header name only uses characters that intermediaries accept.
		normalizedLabel := strings.Replace(r.label, "_", "-", -1)
		headerName := "X-Prom-Label-" + normalizedLabel
		// The header takes precedence; the query parameter remains as a fallback.
		lvalue := req.Header.Get(headerName)
		if lvalue == "" {
			lvalue = req.URL.Query().Get(r.label)
		}

		if lvalue == "" {
			// Report the normalized header name, which is the one actually looked up.
			http.Error(w, fmt.Sprintf("Bad request. The %q query parameter or %q header must be provided.", r.label, headerName), http.StatusBadRequest)
			return
		}
		req = req.WithContext(withLabelValue(req.Context(), lvalue))
		h.ServeHTTP(w, req)
	})
}
```

and under the Grafana datasource definition the header should contain "-" instead of "_" if the label contains such characters,
e.g. for app_kubernetes_io_name --> X-Prom-Label-app-kubernetes-io-name
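The following is an added, self-contained example of the header-normalizing middleware described in the comment above; it is not the project's code and not part of the original thread. `withLabelValue`/`labelValueFrom` are stand-ins for the project's context helpers, `headerName` isolates the `_` to `-` mapping, and the `headerOnly` field is an assumption added here so that an operator can turn off the query-parameter fallback (the page only proposes header-first with fallback). `resolve` drives requests through the middleware with `httptest` and returns the status and the label value the downstream handler saw, so the precedence rules can be checked directly.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type ctxKey struct{}

// withLabelValue stores the enforced label value in the request context.
// Stand-in for the project's helper of the same name (assumption).
func withLabelValue(ctx context.Context, v string) context.Context {
	return context.WithValue(ctx, ctxKey{}, v)
}

// labelValueFrom reads the value stored by withLabelValue ("" if absent).
func labelValueFrom(ctx context.Context) string {
	v, _ := ctx.Value(ctxKey{}).(string)
	return v
}

// headerName maps a Prometheus label name to the header that carries its
// value: underscores become dashes, as proposed in the issue.
func headerName(label string) string {
	return "X-Prom-Label-" + strings.ReplaceAll(label, "_", "-")
}

type routes struct {
	label      string
	headerOnly bool // assumption: when true, the query parameter is never consulted
}

// enforceLabel resolves the label value from the header first and, unless
// headerOnly is set, falls back to the query parameter of the same name.
func (r *routes) enforceLabel(h http.HandlerFunc) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		hdr := headerName(r.label)
		lvalue := req.Header.Get(hdr) // Header.Get is case-insensitive
		if lvalue == "" && !r.headerOnly {
			lvalue = req.URL.Query().Get(r.label)
		}
		if lvalue == "" {
			http.Error(w, fmt.Sprintf("Bad request. The %q query parameter or %q header must be provided.", r.label, hdr), http.StatusBadRequest)
			return
		}
		req = req.WithContext(withLabelValue(req.Context(), lvalue))
		h.ServeHTTP(w, req)
	})
}

// resolve runs one constructed request through the middleware and reports the
// HTTP status and the label value the downstream handler observed.
func resolve(r *routes, query string, headers map[string]string) (int, string) {
	var seen string
	h := r.enforceLabel(func(w http.ResponseWriter, req *http.Request) {
		seen = labelValueFrom(req.Context())
		w.WriteHeader(http.StatusOK)
	})
	req := httptest.NewRequest(http.MethodGet, "/api/v1/query?"+query, nil)
	for k, v := range headers {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, seen
}

func main() {
	r := &routes{label: "app_kubernetes_io_name"}
	// Header set by the datasource wins over a caller-supplied query parameter.
	code, v := resolve(r, "app_kubernetes_io_name=other-tenant",
		map[string]string{"X-Prom-Label-app-kubernetes-io-name": "frontend"})
	fmt.Println(code, v)
	// Header-only mode rejects a request that carries only the query parameter.
	strict := &routes{label: "app_kubernetes_io_name", headerOnly: true}
	code, v = resolve(strict, "app_kubernetes_io_name=frontend", nil)
	fmt.Println(code, v)
}
```

With the fallback enabled, a request with neither header nor query parameter gets a 400 whose message names the normalized header (`X-Prom-Label-app-kubernetes-io-name`), which is what the Grafana datasource definition has to send.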
