sentry-javascript icon indicating copy to clipboard operation
sentry-javascript copied to clipboard

Published 20 hours ago verified publisher icon getsentry

Getting blocked by CORS only for Session Replay capture requests made from my localhost to Sentry self hosted behind a Cloudflare tunnel

Open SivgunLeven opened this issue 1 year ago • 3 comments

Is there an existing issue for this?

  • [X] I have checked for existing issues https://github.com/getsentry/sentry-javascript/issues
  • [X] I have reviewed the documentation https://docs.sentry.io/
  • [X] I am using the latest SDK release https://github.com/getsentry/sentry-javascript/releases

How do you use Sentry?

Self-hosted/on-premise

Which SDK are you using?

Sentry Browser CDN bundle

SDK Version

7.93.0

Framework Version

No response

Link to Sentry event

-- using self hosted --

SDK Setup

Sentry.init({ dsn: 'https://cloudflareurl.com', tracesSampleRate: 1.0, replaysSessionSampleRate: 1.0, replaysOnErrorSampleRate: 1.0, integrations: [ new Sentry.Replay(), new Sentry.BrowserTracing() ], debug: true, });

Steps to Reproduce

I'm using the 7.93.0/bundle.tracing.replay.debug.min.js . To reproduce the issue, I simply trigger an error deliberately, for eg :- invoking a JS function that has not been defined, and look to see if Session replay is available in Sentry dashboard

Expected Result

Session Replay should become available

Actual Result

On debugging this issue, what I've found is that the requests are getting blocked by the CORS policy, here are screenshots: The following is the envelope request that has the replay information in its payload: Screenshot 2024-02-05 at 5 01 33 PM You can see in the response headers there's none for 'Access-Control-Allow-Origin'. Here's what the error looks like in console: Screenshot 2024-02-05 at 5 05 40 PM

Now for the envelope requests that carry the error transaction payload, they work fine and have the 'Access-Control-Allow-Origin' header, like so: Screenshot 2024-02-05 at 5 08 32 PM

Any insight would be appreciate !!!

SivgunLeven avatar Feb 05 '24 22:02 SivgunLeven

Hey, what you are seeing there are the response headers. So this does not come from the SDK, but from your Sentry instance. Can it be that your self hosted instance is not up to date, or does not have Replay enabled?

mydea avatar Feb 06 '24 08:02 mydea

We've installed the latest major release of sentry self hosted, and the project has replay enabled. Any other ideas?

SivgunLeven avatar Feb 06 '24 22:02 SivgunLeven

What is in the response payload for the request? If it says something along the lines of "cors" you may need to check your "Allowed Domains" settings in your project.

Image

Edit: Sorry just saw that it is an actual CORS error so no response payload. Can you check whether you have any settings on your self-hosted instance? Also do the self-hosted logs say anything?

lforst avatar Feb 07 '24 15:02 lforst

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

getsantry[bot] avatar May 09 '24 07:05 getsantry[bot]