feat: drop tunnel requests from middleware execution

Author: logaretm

packages/nextjs/src/common/utils/dropMiddlewareTunnelRequests.ts

@@ -0,0 +1,62 @@
+import { ATTR_URL_QUERY, SEMATTRS_HTTP_TARGET } from '@opentelemetry/semantic-conventions';
+import { type Span, type SpanAttributes, GLOBAL_OBJ, SEMANTIC_ATTRIBUTE_SENTRY_ORIGIN } from '@sentry/core';
+import { isSentryRequestSpan } from '@sentry/opentelemetry';
+import { ATTR_NEXT_SPAN_TYPE } from '../nextSpanAttributes';
+import { TRANSACTION_ATTR_SHOULD_DROP_TRANSACTION } from '../span-attributes-with-logic-attached';
+
+const globalWithInjectedValues = GLOBAL_OBJ as typeof GLOBAL_OBJ & {
+  _sentryRewritesTunnelPath?: string;
+};
+
+/**
+ * Drops spans for tunnel requests from middleware or fetch instrumentation.
+ * This catches both:
+ * 1. Requests to the local tunnel route (before rewrite)
+ * 2. Requests to Sentry ingest (after rewrite)
+ */
+export function dropMiddlewareTunnelRequests(span: Span, attrs: SpanAttributes | undefined): void {
+  // Only filter middleware spans or HTTP fetch spans
+  const isMiddleware = attrs?.[ATTR_NEXT_SPAN_TYPE] === 'Middleware.execute';
+  // The fetch span could be originating from rewrites re-writing a tunnel request
+  // So we want to filter it out
+  const isFetchSpan = attrs?.[SEMANTIC_ATTRIBUTE_SENTRY_ORIGIN] === 'auto.http.otel.node_fetch';
+
+  // If the span is not a middleware span or a fetch span, return
+  if (!isMiddleware && !isFetchSpan) {
+    return;
+  }
+
+  // Check if this is either a tunnel route request or a Sentry ingest request
+  const isTunnel = isTunnelRouteSpan(attrs || {});
+  const isSentry = isSentryRequestSpan(span);
+
+  if (isTunnel || isSentry) {
+    // Mark the span to be dropped
+    span.setAttribute(TRANSACTION_ATTR_SHOULD_DROP_TRANSACTION, true);
+  }
+}
+
+/**
+ * Checks if a span's HTTP target matches the tunnel route.
+ */
+function isTunnelRouteSpan(spanAttributes: Record<string, unknown>): boolean {
+  // Don't use process.env here because it will have a different value in the build and runtime
+  // We want to use the one in build
+  const tunnelPath = globalWithInjectedValues._sentryRewritesTunnelPath || process.env._sentryRewritesTunnelPath;
+  if (!tunnelPath) {
+    return false;
+  }
+
+  // Check both http.target (older) and url.query (newer) attributes
+  // eslint-disable-next-line deprecation/deprecation
+  const httpTarget = spanAttributes[SEMATTRS_HTTP_TARGET] || spanAttributes[ATTR_URL_QUERY];
+
+  if (typeof httpTarget === 'string') {
+    // Extract pathname from the target (e.g., "/tunnel?o=123&p=456" -> "/tunnel")
+    const pathname = httpTarget.split('?')[0] || '';
+
+    return pathname.startsWith(tunnelPath);
+  }
+
+  return false;
+}

packages/nextjs/src/edge/index.ts

@@ -1,5 +1,6 @@
 import { context } from '@opentelemetry/api';
 import {
+  type EventProcessor,
   applySdkMetadata,
   getCapturedScopesOnSpan,
   getCurrentScope,
@@ -19,7 +20,9 @@ import {
 import { getScopesFromContext } from '@sentry/opentelemetry';
 import type { VercelEdgeOptions } from '@sentry/vercel-edge';
 import { getDefaultIntegrations, init as vercelEdgeInit } from '@sentry/vercel-edge';
+import { TRANSACTION_ATTR_SHOULD_DROP_TRANSACTION } from '../common/span-attributes-with-logic-attached';
 import { addHeadersAsAttributes } from '../common/utils/addHeadersAsAttributes';
+import { dropMiddlewareTunnelRequests } from '../common/utils/dropMiddlewareTunnelRequests';
 import { isBuild } from '../common/utils/isBuild';
 import { flushSafelyWithTimeout } from '../common/utils/responseEnd';
 import { setUrlProcessingMetadata } from '../common/utils/setUrlProcessingMetadata';
@@ -35,6 +38,7 @@ export type EdgeOptions = VercelEdgeOptions;
 const globalWithInjectedValues = GLOBAL_OBJ as typeof GLOBAL_OBJ & {
   _sentryRewriteFramesDistDir?: string;
   _sentryRelease?: string;
+  _sentryRewritesTunnelPath?: string;
 };
 
 /** Inits the Sentry NextJS SDK on the Edge Runtime. */
@@ -70,6 +74,8 @@ export function init(options: VercelEdgeOptions = {}): void {
     const rootSpan = getRootSpan(span);
     const isRootSpan = span === rootSpan;
 
+    dropMiddlewareTunnelRequests(span, spanAttributes);
+
     // Mark all spans generated by Next.js as 'auto'
     if (spanAttributes?.['next.span_type'] !== undefined) {
       span.setAttribute(SEMANTIC_ATTRIBUTE_SENTRY_ORIGIN, 'auto');
@@ -137,6 +143,24 @@ export function init(options: VercelEdgeOptions = {}): void {
     }
   });
 
+  getGlobalScope().addEventProcessor(
+    Object.assign(
+      (event => {
+        // Filter transactions that we explicitly want to drop.
+        if (event.type === 'transaction') {
+          if (event.contexts?.trace?.data?.[TRANSACTION_ATTR_SHOULD_DROP_TRANSACTION]) {
+            return null;
+          }
+
+          return event;
+        } else {
+          return event;
+        }
+      }) satisfies EventProcessor,
+      { id: 'NextLowQualityTransactionsFilter' },
+    ),
+  );
+
   try {
     // @ts-expect-error `process.turbopack` is a magic string that will be replaced by Next.js
     if (process.turbopack) {

packages/nextjs/src/server/index.ts

@@ -38,6 +38,7 @@ import {
   TRANSACTION_ATTR_SHOULD_DROP_TRANSACTION,
 } from '../common/span-attributes-with-logic-attached';
 import { addHeadersAsAttributes } from '../common/utils/addHeadersAsAttributes';
+import { dropMiddlewareTunnelRequests } from '../common/utils/dropMiddlewareTunnelRequests';
 import { isBuild } from '../common/utils/isBuild';
 import { setUrlProcessingMetadata } from '../common/utils/setUrlProcessingMetadata';
 import { distDirRewriteFramesIntegration } from './distDirRewriteFramesIntegration';
@@ -169,6 +170,8 @@ export function init(options: NodeOptions): NodeClient | undefined {
     const rootSpan = getRootSpan(span);
     const isRootSpan = span === rootSpan;
 
+    dropMiddlewareTunnelRequests(span, spanAttributes);
+
     // What we do in this glorious piece of code, is hoist any information about parameterized routes from spans emitted
     // by Next.js via the `next.route` attribute, up to the transaction by setting the http.route attribute.
     if (typeof spanAttributes?.[ATTR_NEXT_ROUTE] === 'string') {