diff --git a/app/controllers/projects/environments/prometheus_api_controller.rb b/app/controllers/projects/environments/prometheus_api_controller.rb
index bbd937981bb..0ce97706792 100644
--- a/app/controllers/projects/environments/prometheus_api_controller.rb
+++ b/app/controllers/projects/environments/prometheus_api_controller.rb
@@ -5,13 +5,11 @@ class Projects::Environments::PrometheusApiController < Projects::ApplicationCon
   before_action :environment
 
   def proxy
-    permitted = permit_params
-
     result = Prometheus::ProxyService.new(
       environment,
       request.method,
-      permitted[:proxy_path],
-      permitted.except(:proxy_path) # rubocop: disable CodeReuse/ActiveRecord
+      params[:proxy_path],
+      params
     ).execute
 
     if result.nil?
@@ -24,20 +22,15 @@ class Projects::Environments::PrometheusApiController < Projects::ApplicationCon
     if result[:status] == :success
       render status: result[:http_status], json: result[:body]
     else
-      render status: result[:http_status] || :bad_request,
+      render(
+        status: result[:http_status] || :bad_request,
         json: { status: result[:status], message: result[:message] }
+      )
     end
   end
 
   private
 
-  def permit_params
-    params.permit([
-      :proxy_path, :query, :time, :timeout, :start, :end, :step, { match: [] },
-      :match_target, :metric, :limit
-    ])
-  end
-
   def environment
     @environment ||= project.environments.find(params[:id])
   end
diff --git a/spec/controllers/projects/environments/prometheus_api_controller_spec.rb b/spec/controllers/projects/environments/prometheus_api_controller_spec.rb
index 2cabb3f75d2..f1ac127fc9e 100644
--- a/spec/controllers/projects/environments/prometheus_api_controller_spec.rb
+++ b/spec/controllers/projects/environments/prometheus_api_controller_spec.rb
@@ -36,15 +36,6 @@ describe Projects::Environments::PrometheusApiController do
           expect(response).to have_gitlab_http_status(:ok)
           expect(json_response).to eq(prometheus_json_body)
         end
-
-        it 'filters unknown params' do
-          get :proxy, params: environment_params(unknown_param: 'value')
-
-          params = ActionController::Parameters.new('query' => '1').permit!
-          expect(Prometheus::ProxyService)
-            .to have_received(:new)
-            .with(environment, 'GET', 'query', params)
-        end
       end
 
       context 'with nil result' do