getsentry / self-hosted

Sentry, feature-complete and packaged up for low-volume deployments and proofs-of-concept
https://develop.sentry.dev/self-hosted/

The configuration 'SENTRY_ALLOW_ORIGIN' does not take effect in the 'sentry.conf.py' file #3391

Open arrayListTwo opened 1 week ago

arrayListTwo commented 1 week ago

Self-Hosted Version

24.9.0

CPU Architecture

x86_64

Docker Version

26.1.4

Docker Compose Version

2.27.1

Steps to Reproduce

  1. The default CORS policy for sentry is `*`, and I want to configure it to a specific domain name.
  2. According to the document https://develop.sentry.dev/application/config/, I configured `SENTRY_ALLOW_ORIGIN = "http://foo.example"` in sentry.conf.py.
  3. Then I executed `docker compose down` to close the service, and re-built and started the service with `docker compose up -d --build`.
  4. We find that when we call an api request ('api/4/envelope'), the response header is still: 'access-control-allow-origin: *'

Expected Result

Expect the response header when calling an api request ('api/4/envelope') to be 'access-control-allow-origin: http://foo.example', that is, the SENTRY_ALLOW_ORIGIN value configured in sentry.conf.py

Actual Result

Image

Event ID

No response

bijancot commented 1 week ago

Hi, it looks like you are already following the docs. Did you try to run install.sh again? If not yet, can you try that and share the result after running install.sh?

Cheers!

arrayListTwo commented 1 week ago

> Hi, it looks like you are already following the docs. Did you try to run install.sh again? If not yet, can you try that and share the result after running install.sh?
>
> Cheers!

I haven't rerun install.sh, I can try it and see what happens

arrayListTwo commented 1 week ago

> > Hi, it looks like you are already following the docs. Did you try to run install.sh again? If not yet, can you try that and share the result after running install.sh? Cheers!
>
> I haven't rerun install.sh, I can try it and see what happens

  1. I reran the 'install.sh' command; the result does not meet my expectations, and the response header is still 'access-control-allow-origin: *'
  2. After I have configured the value SENTRY_ALLOW_ORIGIN in sentry.conf.py, when logging out of the user in the background management system, the call to the interface api/0/auth/ reports a 400 error and responds 'Invalid origin: xxx'
  3. I view "Environment" in "Management", and the displayed information is as follows: Image

aldy505 commented 1 week ago

Modifying SENTRY_ALLOW_ORIGIN will only take effect for the web UI. The /api/4/envelope endpoint is not a UI API, but an ingest API which is handled by relay. You can see the nginx route config here: https://github.com/getsentry/self-hosted/blob/8fd24d02312f9fd7990c1ad0808d561c7b4f80b5/nginx/nginx.conf#L85-L87

Those ingest endpoints (the /api/[\d]/envelope route) should correctly return a wildcard for CORS allow origin.

I'm seeing openresty on your Server response header. Can you make sure that the response header is not being overridden by any other load balancer/reverse proxy?

arrayListTwo commented 2 days ago

> Modifying SENTRY_ALLOW_ORIGIN will only take effect for the web UI. The /api/4/envelope endpoint is not a UI API, but an ingest API which is handled by relay. You can see the nginx route config here:
>
> self-hosted/nginx/nginx.conf
>
> Lines 85 to 87 in 8fd24d0
>
>     location ~ ^/api/[1-9]\d*/ {
>         proxy_pass http://relay;
>     }
>
> Those ingest endpoints (the /api/[\d]/envelope route) should correctly return a wildcard for CORS allow origin.
>
> I'm seeing openresty on your Server response header. Can you make sure that the response header is not being overridden by any other load balancer/reverse proxy?

Yes, in the outer layer of the sentry server, there is also an nginx server, so let me make the following analogy based on the actual situation:

  1. My server domain name is 'http://example.com'
  2. The IP of the server where the 'sentry' service is deployed is '10.198.2.132', and the port exposed by the 'sentry' service is '9000'

My outer layer 'nginx' is configured as follows:

location /monitor/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://10.198.2.132:9000/;
}

In the sentry web UI, the root URL is configured as http://example.com/monitor

After the front-end 'vue' program accesses the 'sentry' service, when an exception is reported, the interface '/api/4/envelope' is called, and the response header is 'Access-Control-Allow-Origin: *'. I expect the response header to be: Access-Control-Allow-Origin: http://example.com

I tried to change the following configuration by hosting /nginx/nginx.conf:

location ~ ^/api/[1-9]\d*/ {
    add_header Access-Control-Allow-Origin "http://example.com";
    proxy_pass http://relay;
}

At this point the 'api/4/envelope' response header is:

Access-Control-Allow-Origin: http://example.com;
Access-Control-Allow-Origin: *

How can I modify sentry's nginx configuration to achieve the effect I want?
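
The duplicated header in the last comment comes from `add_header` appending to the value relay already sends, and a response carrying two `Access-Control-Allow-Origin` values fails the browser's CORS check. One way to emit a single value, as an added example that is not part of the original thread or the self-hosted repository's own config (it assumes the edit is made in the nginx.conf shipped with self-hosted and reuses the thread's `http://example.com` origin):

```nginx
# Added example, not from the thread or the self-hosted repository.

# Before (as posted in the thread): add_header appends to the header that
# relay already sets, so the client receives two values.
#
# location ~ ^/api/[1-9]\d*/ {
#     add_header Access-Control-Allow-Origin "http://example.com";
#     proxy_pass http://relay;
# }

# After: strip the upstream header, then emit exactly one value.
location ~ ^/api/[1-9]\d*/ {
    # Drop relay's "Access-Control-Allow-Origin: *" from the proxied response.
    proxy_hide_header Access-Control-Allow-Origin;

    # "always" also covers error responses (for example 4xx), which
    # add_header skips by default.
    add_header Access-Control-Allow-Origin "http://example.com" always;

    proxy_pass http://relay;
}
```

After reloading nginx, a request to the ingest route should return one `Access-Control-Allow-Origin` line. An `add_header` inside a `location` replaces any `add_header` directives inherited from the enclosing `server` or `http` block, so repeat those here if the deployment relies on them.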