sentry-javascript icon indicating copy to clipboard operation
sentry-javascript copied to clipboard

Published 20 hours ago verified publisher icon getsentry

gtm.js causes issues, cannot be filtered using denyUrls

Open jessetan opened this issue 1 year ago • 9 comments

Is there an existing issue for this?

  • [X] I have checked for existing issues https://github.com/getsentry/sentry-javascript/issues
  • [X] I have reviewed the documentation https://docs.sentry.io/
  • [X] I am using the latest SDK release https://github.com/getsentry/sentry-javascript/releases

How do you use Sentry?

Sentry Saas (sentry.io)

Which SDK are you using?

@sentry/nextjs

SDK Version

7.70.0

Framework Version

Next.js 12.3.4

Link to Sentry event

https://parfumado.sentry.io/issues/4503191085/?alert_rule_id=12596894&alert_type=issue&notification_uuid=a57be758-fb1d-4930-be13-254321452057&project=4504049306435584&referrer=issue_alert-slack

SDK Setup

Relevant part from sentry.client.config.js

denyUrls: [
    /www\.googletagmanager\.com/i,
],

next.config.js

  sentry: {
    hideSourceMaps: true,
    widenClientFileUpload: true,
  },

Steps to Reproduce

We have setup Sentry for our Next.js app and include Google Tag Manager in a

The stacktrace in Sentry then does not point to gtm.js, instead it thinks comes from our own app. When I run sentry-cli sourcemaps explain for the event, it does flag that this comes from a script element:

✔ Event has a valid exception present
✔ Event has a valid stacktrace present
✖ Selected frame (0) of event exception originates from the <script> tag, its not possible to resolve source maps

Expected Result

  • The stacktrace in Sentry should show that this comes from gtm.js
  • We should be able to filter out these issues using denyUrls

Actual Result

Screenshot 2023-09-25 at 17 27 32

Screenshot 2023-09-25 at 17 25 45 Screenshot 2023-09-25 at 17 29 15

jessetan avatar Sep 25 '23 15:09 jessetan

Hey there,

could you maybe try adding the ContextLines integration as described here: https://docs.sentry.io/platforms/javascript/guides/nextjs/configuration/integrations/contextlines/

Maybe that can help adding more information to the captured frames. It's a bit hard to say what exactly gtm does, sadly...!

mydea avatar Sep 28 '23 07:09 mydea

We actually have ContextLines integration turned on. My specific issue is that I expected the issue to be filtered out before being sent to Sentry, not that it has (or does not have) enough context.

jessetan avatar Sep 28 '23 10:09 jessetan

I think the root issue here is that we have an issue in Next.js with the basePath setting in combination with source maps. If we fix that you can set inbound filters in the settings inside the SDK.

lforst avatar Sep 28 '23 12:09 lforst

Thanks @lforst, is that #9057? We do not config an explicit basePath in our config though.

jessetan avatar Sep 28 '23 13:09 jessetan

is that https://github.com/getsentry/sentry-javascript/issues/9057?

@jessetan Mayyybee? I am not sure.

It's good to know though that you're not configuring a basePath. Another question: Are you using some kind of monorepo like Nx or Yarn workspaces? I am trying to figure out if we mess up some kind of path in the SDK..

lforst avatar Sep 29 '23 08:09 lforst

We have a subpackage in a folder (an editor for a headless CMS) which is bundled into the main app. It has its own deps and we use an older version of lerna to make sure all the dependencies are met without conflict. We don't release multiple packages from a monorepo though.

jessetan avatar Sep 29 '23 09:09 jessetan

Any news here? We're also getting a lot of errors coming from gtm scripts of our clients. We even setup allowUrls to be just window.location.origin + 2 of our company domains from which we serve script and shoot API requests. Even with that, those scripts pass through Screenshot 2024-04-25 at 13 31 06

mattleonowicz avatar Apr 25 '24 11:04 mattleonowicz

I would guess the problem is (and you can kind of see this in the screenshot you posted) that the error originates in global code, not in the gtm.js file - the first frame shows this. 🤔

I guess one thing you could try is to set up a beforeSend hook, and there look at the actual frames of the exception and see if one of them comes from gtm.js, and then drop the error - this may work. Could you try this and see if it helps>

mydea avatar Apr 29 '24 08:04 mydea

True, maybe GTM scripts of our clients just inject some other code directly into HTML and then they pose as normal <script> tags from html. Although if the trace from https://www.googletagmanager.com/gtm.js is visible shouldn't it be dropped due to our allowUrls? While testing this beforeSend solution with some sample GTM script that throws errors, the beforeSend function was not called at all. Only after I commented out our allowUrls, it started picking up this error That means that allowUrls do already filter those errors from GTM. Question is why not all of them.

Regardless, I'll add what you suggested, as a second layer of filtering.

if (event.exception?.values?.[0]?.stacktrace?.frames?.some((f) => f.filename?.includes(`https://www.googletagmanager.com/gtm.js`))) {
  return null;
}

I hope it helps. Thank you @mydea

mattleonowicz avatar Apr 29 '24 10:04 mattleonowicz