Skip to content

fix(core): Only consider ingest endpoint requests when checking isSentryRequestUrl #17393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 26, 2025
Merged

fix(core): Only consider ingest endpoint requests when checking isSentryRequestUrl #17393

merged 3 commits into from
Aug 26, 2025

Conversation

Lms24
Copy link
Member

@Lms24 Lms24 commented Aug 12, 2025
edited
Loading

This PR makes a change to our isSentryRequestUrl utility which is used in various parts of the SDKs.

The function checks both, the DSN as well as the tunnel option to determine if a request URL is a URL to Sentry. I would argue, we should only return true for requests to Sentry's ingest endpoint. For example, if users make regular requests to the Sentry API from within their app that uses a Sentry SDK, we should not special case that request.

Therefore, this PR makes the check for the request URL more specific:

  • If tunnel is not provided, return true iff the the url includes the host of the DSN AND if it includes the sentry_key query param. This param is mandatory to be sent along, as it's equal to the public key of the DSN .
  • If tunnel is provided, the check was already specific enough because the request URL has to match exactly the configured tunnel URL.

closes #17385
(^ very likely. We didn't repro this specifically but the httpClientIntegration bails out exactly if it hits the isSentryRequestUrl check)

cursor[bot]

This comment was marked as outdated.

Sign in to view

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 12, 2025
edited
Loading

size-limit report 📦

Path Size % Change Change
@sentry/browser 24.16 kB - -
@sentry/browser - with treeshaking flags 22.73 kB - -
@sentry/browser (incl. Tracing) 39.87 kB - -
@sentry/browser (incl. Tracing, Replay) 78.04 kB +0.07% +49 B 🔺
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags 67.88 kB +0.07% +44 B 🔺
@sentry/browser (incl. Tracing, Replay with Canvas) 82.73 kB +0.06% +44 B 🔺
@sentry/browser (incl. Tracing, Replay, Feedback) 94.85 kB +0.06% +52 B 🔺
@sentry/browser (incl. Feedback) 40.83 kB - -
@sentry/browser (incl. sendFeedback) 28.81 kB - -
@sentry/browser (incl. FeedbackAsync) 33.7 kB - -
@sentry/react 25.88 kB - -
@sentry/react (incl. Tracing) 41.86 kB - -
@sentry/vue 28.64 kB - -
@sentry/vue (incl. Tracing) 41.69 kB - -
@sentry/svelte 24.18 kB - -
CDN Bundle 25.66 kB -0.01% -2 B 🔽
CDN Bundle (incl. Tracing) 39.75 kB -0.02% -6 B 🔽
CDN Bundle (incl. Tracing, Replay) 75.87 kB +0.07% +46 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback) 81.31 kB +0.06% +47 B 🔺
CDN Bundle - uncompressed 74.96 kB - -
CDN Bundle (incl. Tracing) - uncompressed 117.59 kB - -
CDN Bundle (incl. Tracing, Replay) - uncompressed 231.95 kB +0.04% +71 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 244.55 kB +0.03% +71 B 🔺
@sentry/nextjs (client) 43.89 kB - -
@sentry/sveltekit (client) 40.32 kB - -
@sentry/node-core 47.99 kB - -
@sentry/node 148.42 kB - -
@sentry/node - without tracing 92.24 kB - -
@sentry/aws-serverless 104.46 kB - -

View base workflow run

@Lms24 Lms24 requested review from andreiborza and mydea August 12, 2025 14:34
@Lms24 Lms24 self-assigned this Aug 12, 2025
Lms24
Lms24 commented Aug 12, 2025
View reviewed changes
packages/cloudflare/test/integrations/fetch.test.ts
Comment on lines +104 to +105
fetchData: { url: 'https://dsn.ingest.sentry.io/1337?sentry_key=123', method: 'POST' },
args: ['https://dsn.ingest.sentry.io/1337?sentry_key=123'],
Copy link
Member Author

@Lms24 Lms24 Aug 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this perfectly illustrates the consequences of this change. Previously, this URL was considered a "Sentry request", now we have to add the query parameter for it to still be considered one. This is likely just because the test was "incomplete" before but it does open up potential for a few false negatives. Thoughts anyone?

We can further refine the URL matching logic as we want

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sounds reasonable to me!

@Lms24 Lms24 mentioned this pull request Aug 13, 2025
Closed
3 tasks
@Lms24 Lms24 force-pushed the lms/fix-core-isSentryRequestUrl branch from 44ff5ee to 9209fb3 Compare August 25, 2025 09:31
@Lms24 Lms24 requested a review from a team as a code owner August 25, 2025 09:31
@Lms24 Lms24 force-pushed the lms/fix-core-isSentryRequestUrl branch from 9209fb3 to 21aac6b Compare August 26, 2025 07:07
@Lms24 Lms24 merged commit 2eb681e into develop Aug 26, 2025
677 of 715 checks passed
@Lms24 Lms24 deleted the lms/fix-core-isSentryRequestUrl branch August 26, 2025 08:48
This was referenced Sep 29, 2025
Closed
Closed
This was referenced Oct 7, 2025
Closed
Closed
@fossabot fossabot bot mentioned this pull request Oct 15, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@chargome chargome chargome approved these changes

@mydea mydea Awaiting requested review from mydea

@andreiborza andreiborza Awaiting requested review from andreiborza

Assignees

@Lms24 Lms24

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Http client errors not sent when relay is hosted on the same domain.

3 participants

@Lms24 @mydea @chargome