Option to not send sentry-trace header to certain origins #3203
Comments
|
This would be nice to have, we have a similar issue where we have a script hosted on a third part domain that calls their internal API with AJAX but this straight up fails due to CORS restrictions when using the tracing integration. I think this it because sentry tries to wrap AJAX calls with its own function so requests are sent as coming from our domain instead of the third party. Not sure if there's a workaround for this right now. |
|
You can use tracingOrigins to filter on which requests |
|
@raiviskrumins that's right, but it also prevents automatic tracing of those origins. I'd like to have tracing, but not send the header. |
|
Do I understand it correctly that in order to fetch an error produced by API call, that API endpoint need to match one of the regexps in I would like to track an error but without attaching the |
|
Hi there, I just wanted to bump this. We're experiencing this exact same error with a third party API we're seeing. |
|
The same, calling our own private api attaches sentry-trace header to each fetch request and requires us to whitelist in Mitigation so far Thus, it will attach only when ipv6 local domain, which is rarely used (we prefer localhost, 127.0.0.1.. etc) |
|
There's usually a way to access the underlying modules and remove the additional header that sentry has added, e.g. in import http from 'http'
class StrippingAgent extends http.Agent {
addRequest(req, options) {
if (!options.stripTracingHeader) {
return super.addRequest(req, options)
}
req.removeHeader('sentry-trace')
const { 'sentry-trace': x, ...headers } = options.headers
const forward = { ...options, headers }
return super.addRequest(req, forward)
}
}
const agent = new StrippingAgent()
http.request(url, {
agent,
stripTracingHeader: true,
})Not 100% sure if this will work but I'll be giving it a shot tomorrow. edit: just did a quick test and it seems to work This is for the node library. I'd be happy to look into a browser solution if needed? Relevant code: https://github.com/getsentry/sentry-javascript/blob/master/packages/node/src/integrations/http.ts#L120-L124 |
|
Hi all, This new feature should resolve, sorry we added it but forgot to respond to this particular issue. https://develop.sentry.dev/sdk/performance/#tracepropagationtargets |
|
will close the issue, but please let me know if we should reconsider something! |
|
Is there a way to stop sentry from adding a |
Package + Version
@sentry/browser@sentry/noderaven-jsraven-node(raven for node)@sentry/tracingVersion:
Description
We call a third party API for most of our app's interactions, where we have no control over their
Access-Control-Allow-Headersresponse. I'd love to automatically record spans for my calls to this API, but the current integration always adds thesentry-traceheader, which causes CORS to fail. I'd love to be able to exclude this header from being sent for that origin, since we wouldn't be able to link up the traces with a third party anyway.The text was updated successfully, but these errors were encountered: