Comments (28)
In the sentry server you currently can't configure global origins per-project, but if you run the server you can configure the global value.
I believe the setting is:
SENTRY_ALLOW_ORIGIN = '*'
from sentry-javascript.
Okay, I'm gonna try tomorrow.
That can be interesting to get issue reports on android/ios apps.
Thanks
from sentry-javascript.
Feel free to reopen this if there are any problems related to this.
(We could probably update the documentation to be more clear)
from sentry-javascript.
I just tried doing the same thing with the current raven version (1.1) but had no luck.
I always got an HTTP error 400 with "Missing required attribute in authentication header". The missing attribute is sentry_secret.
(BTW, we are using the hosted sentry and I configured the client security with *.)
When loading the phonegap page in a browser a test event was correctly transmitted to sentry so generally this seems to work.
I think the problem is that when the image is loaded from the phonegap page, no referrer is given. This probably causes the sentry server to switch to a mode where the sentry_secret must be transmitted and no referrer check is done.
So I tried adding the secret key to the dsn, but then raven-js triggered an error because this is discouraged. (I think because sentry is mostly used in public websites).
I then modified my version of raven.js and added this line after 1495:
qs.push('sentry_secret=<my_secret>');
After retrying with this in place it worked successfully.
So how should we go on about implementing this correctly in sentry-js? We could add an additional method that allows to set the secret and document that this should only be used on non-public websites or inside phonegap or something similar. Or we could modify the config() method to only throw the mentioned exception if the code is executed in a browser and not inside phonegap. Then one could specify the secret in the dsn as normally.
I would be glad to implement whatever solution you deem fit. Just say what would be best, and I would fork and make a pull-request.
Thanks for looking into this!
from sentry-javascript.
@Shyru Is PhoneGap not sending a Referer or Origin header when making a request? At the moment, that's used for validation instead of the secret key.
from sentry-javascript.
@mattrobenolt No, phonegap does not send a referer. I checked this with safari's webinspector. I think it is the normal browser behavior to not send referrers when files are loaded from the filesystem with file://-urls. After all, which referer should they send?
from sentry-javascript.
I have the same issue, we want to use it with cordova but due to the fact that cordova uses file:// URLs it's not allowed
from sentry-javascript.
Same problem here, although, oddly, iOS Cordova works, but Android does not.
from sentry-javascript.
same here ... why isn't this resolved? It's actually pretty trivial to fix on the client by enabling optionally passing the host instead of going over location.href ...
from sentry-javascript.
hmm wrong, it's using origin from headers sent by the browser ....
from sentry-javascript.
anyways this should be resolved somehow.
from sentry-javascript.
huh it seems like * works already on sentry server, sorry for bugging you.
from sentry-javascript.
I have the same issue and SENTRY_ALLOW_ORIGIN = '*' is not working for me.
from sentry-javascript.
I assume you do it in the wrong place.
You need to go to the ui, project settings and put * into client security textarea
from sentry-javascript.
this is server side configuration.
from sentry-javascript.
@kof thanks! that resolved my issue.
from sentry-javascript.
Hi,
As you can see, I configured the allowed domains to * on the server (this is a self hosted sentry server):
Then, just to try it, I set it up in the debug console of safari, running my cordova project on the iOS simulator, and I still get the same error as above:
And here is the network request information, you can see the "X-Sentry-Error Missing required attribute in authentication header: sentry_secret"
Am I doing something wrong? :(
Thanks!
from sentry-javascript.
What version of Sentry are you running?
from sentry-javascript.
Sentry 6.4.4
from sentry-javascript.
@Madumo I'm going to look into this on the Sentry side. I think the code path is rejecting if there isn't an Origin or Referer header at all. I'll poke at this tonight and see what the issue is.
from sentry-javascript.
@mattrobenolt Hi, I would just like to know if you have any update on that bug. Did you find something? Was it what you thought?
from sentry-javascript.
Sorry, I haven't had a chance to look into it yet. 😦
from sentry-javascript.
I too have the same issue when using phonegap. Adding API key to application is detected and prevented in the raven library - so far I see no easy workaround.
from sentry-javascript.
Is this resolved?
from sentry-javascript.
Bumping this up as this came up today.
I think to support this we have to accept input from raven.js that uses a secret key.
from sentry-javascript.
Actually I could be wrong. I need to confirm that '*' in the origins field doesn't allow this to work. Either way, keeping this ticket open at the very least to document how to do it.
from sentry-javascript.
Is this fixed with XHR+CORS in 2.0?
It seems like it would be, but we don't test explicitly against PhoneGap, so I'm not 100% sure.
Please reopen if this is still an issue and we can try to address.
from sentry-javascript.
Tested it in Cordova/Phonegap: Works.
Does not work from file:// in normal browser
from sentry-javascript.
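The server-side decision this thread keeps circling, as an added example that is not Sentry's or raven-js's code: a request is validated by its Origin or Referer header, and only when neither is present does it fall back to requiring `sentry_secret`, which is why `*` alone does not help a client that sends no header. The request shape, the `*.domain` pattern syntax, the choice to let `*` admit a hostless origin, and every error string except the one quoted in the thread are assumptions of this sketch.

```javascript
// Simplified model of the decision discussed in this thread; not Sentry's code.
// Request shape, pattern syntax and the two short error strings are assumptions.

// Compare without exiting at the first mismatching character.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Host of an Origin or Referer value, or null when it carries none
// (the literal "null" origin, file:// URLs, malformed input).
function hostOf(value) {
  try {
    return new URL(value).host || null;
  } catch {
    return null;
  }
}

function originAllowed(host, allowed) {
  return allowed.some((rule) => {
    if (rule === '*') return true; // sketch's choice: '*' also admits hostless origins
    if (rule.startsWith('*.')) return host !== null && host.endsWith(rule.slice(1));
    return host === rule;
  });
}

function authorize(req, project) {
  const secret = req.query.sentry_secret;
  if (secret !== undefined) {
    const ok = safeEqual(secret, project.secret);
    return ok ? { ok, via: 'secret' } : { ok, error: 'Invalid secret' };
  }
  const header = req.headers.origin ?? req.headers.referer;
  if (header === undefined) {
    // No header to validate and no secret: the failure reported in the thread.
    return { ok: false, error: 'Missing required attribute in authentication header: sentry_secret' };
  }
  const ok = originAllowed(hostOf(header), project.allowedOrigins);
  return ok ? { ok, via: 'origin' } : { ok, error: 'Origin not allowed' };
}

// Constructed sample inputs: a hosted page, and a request from file:// with no headers.
const project = { secret: 'constructed-secret', allowedOrigins: ['*'] };
const webPage = { headers: { referer: 'https://app.example.com/index.html' }, query: {} };
const fileBeacon = { headers: {}, query: {} };
```

The secret branch accepts anything that knows the key, so a key bundled into a distributed app is readable by whoever unpacks it; that is the trade-off behind raven-js refusing a DSN that contains it.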