CORS: Sentry headers

[EduardSchwarzkopf]

the new version on sentry adds new headers, that are currently not allowed by the backend:

Access to XMLHttpRequest at 'https://api.events-test.aws-community.de/events/01H0XNCXEB0DBFGZXK9GQPBRZZ/participants/' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field baggage is not allowed by Access-Control-Allow-Headers in preflight response.

Removing the API Gateway URL in tracePropagationTargets, would remove the headers, but not sure if that is the correct approach. Here is the documentation on this topic: https://docs.sentry.io/platforms/javascript/performance/instrumentation/automatic-instrumentation/

tracePropagationTargets: ['localhost'],

Here is another reference on the same issue:

can you elaborate why you had to use traceFetch: false? Generally, you should be able to resolve any CORS issues by setting tracePropagationTargets so it only sends the sentry-trace and baggage header to domains that you checked accept these headers.

https://github.com/getsentry/sentry-javascript/issues/8175#issuecomment-1978316223

[hoegertn]

I deployed the latest version to dev. Let's see if it still happens? All headers should be accepted

[EduardSchwarzkopf]

Still same error. Am I using the correct base URL? https://api.events-test.aws-community.de/