
Comments (28)

dcramer avatar dcramer commented on May 23, 2024

In the sentry server you currently can't configure global origins per-project, but if you run the server you can configure the global value.

I believe the setting is:

SENTRY_ALLOW_ORIGIN = '*'

from sentry-javascript.

Freyskeyd avatar Freyskeyd commented on May 23, 2024

Okay, I'm gonna try tomorrow.
That can be interesting to get issue reports on Android/iOS apps.

Thanks

dcramer avatar dcramer commented on May 23, 2024

Feel free to reopen this if there are any problems related to this.

(We could probably update the documentation to be more clear)


Shyru avatar Shyru commented on May 23, 2024

I just tried doing the same thing with the current raven version (1.1) but had no luck.
I always got an HTTP error 400 with "Missing required attribute in authentication header". The missing attribute is sentry_secret.
(BTW, we are using the hosted sentry and I configured the client security with *.)
When loading the phonegap page in a browser a test event was correctly transmitted to sentry so generally this seems to work.
I think the problem is that when the image is loaded from the phonegap page, no referrer is given. This probably causes the sentry server to switch to a mode where the sentry_secret must be transmitted and no referrer check is done.
So I tried adding the secret key to the dsn, but then raven-js triggered an error because this is discouraged. (I think because sentry is mostly used in public websites).

I then modified my version of raven.js and added this line after 1495:
qs.push('sentry_secret=<my_secret>');

After retrying with this in place it worked successfully.
So how should we go about implementing this correctly in sentry-js? We could add an additional method that allows setting the secret and document that this should only be used on non-public websites or inside phonegap or something similar. Or we could modify the config() method to only throw the mentioned exception if the code is executed in a browser and not inside phonegap. Then one could specify the secret in the dsn as normal.

I would be glad to implement whatever solution you deem fit. Just say what would be best, and I would fork and make a pull-request.
Thanks for looking into this!


mattrobenolt avatar mattrobenolt commented on May 23, 2024

@Shyru Does PhoneGap not send a Referer or Origin header when making a request? At the moment, that's used for validation instead of the secret key.

Shyru avatar Shyru commented on May 23, 2024

@mattrobenolt No, phonegap does not send a referer. I checked this with safari's webinspector. I think it is the normal browser behavior to not send referrers when files are loaded from the filesystem with file://-urls. After all, which referer should they send?


julien-duponchelle avatar julien-duponchelle commented on May 23, 2024

I have the same issue. We want to use it with cordova, but due to the fact that cordova uses file:// URLs it's not allowed.

abuzzell avatar abuzzell commented on May 23, 2024

Same problem here, although, oddly, iOS Cordova works, but Android does not.

kof avatar kof commented on May 23, 2024

same here ... why isn't this resolved? It's actually pretty trivial to fix on the client by enabling optionally passing the host instead of going over location.href ...

kof avatar kof commented on May 23, 2024

hmm wrong, it's using origin from headers sent by the browser ....

kof avatar kof commented on May 23, 2024

anyways this should be resolved somehow.


kof avatar kof commented on May 23, 2024

huh it seems like * works already on sentry server, sorry for bugging you.


TrevTheDev avatar TrevTheDev commented on May 23, 2024

I have the same issue and SENTRY_ALLOW_ORIGIN = '*' is not working for me.


kof avatar kof commented on May 23, 2024

I assume you do it in the wrong place

You need to go to the ui, project settings and put * into client security textarea

kof avatar kof commented on May 23, 2024

this is server side configuration.


TrevTheDev avatar TrevTheDev commented on May 23, 2024

@kof thanks! that resolved my issue.


Madumo avatar Madumo commented on May 23, 2024

Hi,

As you can see, I configured the allowed domains to * on the server (this is a self hosted sentry server):
screen shot 2014-08-20 at 16 27 38

Then, just to try it, I set it up in the debug console of safari, running my cordova project on the iOS simulator, and I still get the same error as above:
screen shot 2014-08-20 at 16 32 42

And here is the network request information, you can see the "X-Sentry-Error Missing required attribute in authentication header: sentry_secret"

screen shot 2014-08-20 at 16 34 57

Am I doing something wrong? :(
Thanks!

mattrobenolt avatar mattrobenolt commented on May 23, 2024

What version of Sentry are you running?


Madumo avatar Madumo commented on May 23, 2024

Sentry 6.4.4


mattrobenolt avatar mattrobenolt commented on May 23, 2024

@Madumo I'm going to look into this on the Sentry side. I think the code path is rejecting if there isn't an Origin or Referer header at all. I'll poke at this tonight and see what the issue is.

from sentry-javascript.
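
The check as the participants above describe it, modelled in an added example that is not part of the thread and not Sentry's code: a request with no usable Origin or Referer (a file:// page) gives the `*` allow-list nothing to match, so the server asks for `sentry_secret` instead. The function names, the allow-list matching rules and the placeholder keys are assumptions.

```javascript
// Added illustration: simplified model of the check described in this thread.
// Not Sentry's code; names, structure and matching rules are assumptions.

// Return the URL from Origin (or Referer), or null when the page has no
// usable web origin (header absent, "null", or a file:// URL with no host).
function requestOrigin(headers) {
  const raw = headers.origin || headers.referer;
  if (!raw || raw === 'null') return null;
  try {
    const url = new URL(raw);
    return url.host ? url : null;
  } catch (err) {
    return null;
  }
}

// Allow-list entries: "*", "*.example.com", or an exact hostname.
function hostAllowed(host, pattern) {
  if (pattern === '*') return true;
  if (pattern.startsWith('*.')) {
    const base = pattern.slice(2);
    return host === base || host.endsWith('.' + base);
  }
  return host === pattern;
}

function checkRequest(headers, auth, project) {
  if (auth.sentry_key !== project.publicKey) return { ok: false, reason: 'unknown sentry_key' };
  const origin = requestOrigin(headers);
  if (origin) {
    // Public-key mode: the browser-supplied origin is the only check.
    const ok = project.allowedOrigins.some((p) => hostAllowed(origin.hostname, p));
    return ok ? { ok: true, mode: 'origin' } : { ok: false, reason: 'origin not allowed' };
  }
  // No origin to check, so "*" never applies; the secret is required instead.
  if (!auth.sentry_secret) {
    return { ok: false, reason: 'Missing required attribute in authentication header: sentry_secret' };
  }
  // Real code should use a constant-time comparison here.
  return auth.sentry_secret === project.secretKey
    ? { ok: true, mode: 'secret' }
    : { ok: false, reason: 'invalid sentry_secret' };
}

// Constructed sample project; keys are placeholders.
const project = { publicKey: 'PUBLIC_PLACEHOLDER', secretKey: 'SECRET_PLACEHOLDER', allowedOrigins: ['*'] };
const key = { sentry_key: 'PUBLIC_PLACEHOLDER' };
console.log(checkRequest({ origin: 'https://app.example.com' }, key, project));
console.log(checkRequest({ referer: 'file:///android_asset/www/index.html' }, key, project));
console.log(checkRequest({}, { ...key, sentry_secret: 'SECRET_PLACEHOLDER' }, project));
```

The second call is rejected even though the allow-list is `*`, and the third passes only because the client carries the secret, which is the trade-off debated in the rest of the thread.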

Madumo avatar Madumo commented on May 23, 2024

@mattrobenolt Hi, I would just like to know if you have any update on that bug. Did you find something? Was it what you thought?


mattrobenolt avatar mattrobenolt commented on May 23, 2024

Sorry, I haven't had a chance to look into it yet. 😦


michal-filip avatar michal-filip commented on May 23, 2024

I too have the same issue when using phonegap. Adding API key to application is detected and prevented in the raven library - so far I see no easy workaround.


henry74 avatar henry74 commented on May 23, 2024

Is this resolved?


dcramer avatar dcramer commented on May 23, 2024

Bumping this up as this came up today.

I think to support this we have to accept input from raven.js that uses a secret key.


dcramer avatar dcramer commented on May 23, 2024

Actually I could be wrong. I need to confirm that '*' in the origins field doesn't allow this to work. Either way, keeping this ticket open at the very least to document how to do it.


mattrobenolt avatar mattrobenolt commented on May 23, 2024

Is this fixed with XHR+CORS in 2.0?

It seems like it would be, but we don't test explicitly against PhoneGap, so I'm not 100% sure.

Please reopen if this is still an issue and we can try to address.


d0b1010r avatar d0b1010r commented on May 23, 2024

Tested it in Cordova/Phonegap: Works.
Does not work from file:// in normal browser
