getsentry / sentry

Developer-first error tracking and performance monitoring
https://sentry.io

CORS error when trying to POST user feedback through API endpoint #38508

Closed Blooon closed 2 years ago

Blooon commented 2 years ago

Environment

SaaS (https://sentry.io/)

Version

No response

Steps to Reproduce

Hi !

I'm trying to make a custom User Feedback dialog integration in our React project (@sentry/react v7.12.1) and therefore I try to send the user feedback data myself in our frontend client using POST to https://sentry.io/api/0/projects///user-feedback API endpoint, as described in your doc.

However, I'm getting a CORS error when POSTing the data. In DevTools the request's status returns: "Cross-Origin Resource Sharing error: PreflightMissingAllowOriginHeader".

Regarding the request's headers, Authorization is made using our DSN and Content-Type is "application/json" as mentioned in the doc.

Expected Result

The user feedback data should be POSTed via the Sentry API for the corresponding issue.

Actual Result

A CORS error when POSTing the data. In DevTools the request's status returns: "Cross-Origin Resource Sharing error: PreflightMissingAllowOriginHeader".

I've tried the same request using Postman but this leads to a 404 Not Found whereas the issue with the corresponding event_id does exist in our Sentry Issues.

Using Curl returns a 404 as well :

curl https://sentry.io/api/0/projects/<our_company>/<our_project>/user-feedback \
 -H 'Authorization: DSN <our_dsn>' \
 -H 'Content-Type: application/json' \
 -d '{"eventId":"d78258e2dc5540939f6f0a6f9a39b71e","name":"Paulette Hoarau","email":"superadmin@domain.fr","comments":"Test"}' -v
*   Trying 35.188.42.15:443...
* TCP_NODELAY set
* Connected to sentry.io (35.188.42.15) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP2 (h2)
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Next protocol (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Sentry; CN=sentry.io
*  start date: Jun  3 00:00:00 2022 GMT
*  expire date: Jul  4 23:59:59 2023 GMT
*  subjectAltName: host "sentry.io" matched cert's "sentry.io"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55cff3093880)
> POST /api/0/projects/<our_company>/<our_project>/user-feedback HTTP/2
> Host: sentry.io
> user-agent: curl/7.68.0
> accept: */*
> authorization: DSN <our_dsn>
> content-type: application/json
> content-length: 120
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* We are completely uploaded and fine
< HTTP/2 404 
< server: nginx
< date: Wed, 07 Sep 2022 09:37:05 GMT
< content-type: text/html; charset=utf-8
< content-length: 0
< x-sentry-rate-limit-remaining: 39
< x-sentry-rate-limit-limit: 40
< x-sentry-rate-limit-reset: 1662543426
< x-sentry-rate-limit-concurrentremaining: 24
< x-sentry-rate-limit-concurrentlimit: 25
< vary: Accept-Language, Cookie
< content-language: en
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< content-security-policy: default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com ssl.google-analytics.com 'nonce-dc24d8febb6e4f54a9990da79248d3dc' 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; font-src * data:; connect-src *; frame-ancestors 'self'; object-src 'self'; base-uri 'none'; style-src 'unsafe-inline' *; img-src * data: blob:; report-uri https://sentry.io/api/54785/csp-report/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=22.9.0+fabd936d98962669368b9812500a8d22f24476e8
< x-envoy-attempt-count: 1
< x-envoy-upstream-service-time: 9
< x-served-by: getsentry-web-default-production-756dbddd8d-pfp55
< x-served-by: lb-7
< strict-transport-security: max-age=31536000; includeSubDomains; preload

As far as I've seen, it seems to be a quite common issue when trying to use an API endpoint. But I couldn't find any issue providing a matching solution. Thus, I'm unsure if that's a problem from your side or a missing config from ours. Just let me know.

getsentry-release commented 2 years ago

Routing to @getsentry/app-frontend for triage. ⏲️

markstory commented 2 years ago

d '{"eventId":"d78258e2dc5540939f6f0a6f9a39b71e",

The request parameter is event_id not eventId.

Blooon commented 2 years ago

Indeed, my mistake.. 🤦‍♂️ However I still have the same issue with event_id.

markstory commented 2 years ago

Ok. The reason you're getting a 404 is that your URL is missing the trailing slash: https://sentry.io/api/0/projects/<our_company>/<our_project>/user-feedback needs to be https://sentry.io/api/0/projects/<our_company>/<our_project>/user-feedback/.

Blooon commented 2 years ago

Hi ! It is working with the additional trailing slash ! Never saw an API endpoint with a trailing slash like that, but anyway it solves my issue. Thanks a lot for the help ! :)
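
As an added example (not part of the original thread and not Sentry's own code), the code below builds the request the thread converges on, with `event_id` in the body and a trailing slash on the path, and lists why a browser sends a CORS preflight for it. The helper names and sample values are hypothetical, and the preflight check is a simplified reading of the Fetch CORS safelist.

```javascript
// Added example: helper names are hypothetical, not part of any Sentry SDK.
const API_BASE = "https://sentry.io/api/0/projects";

// Build the POST described in the thread: snake_case event_id in the body
// and a trailing slash on the path (without it the endpoint answered 404).
function buildUserFeedbackRequest({ org, project, dsn, eventId, name, email, comments }) {
  const path = [org, project, "user-feedback"].map(encodeURIComponent).join("/");
  return {
    url: `${API_BASE}/${path}/`,
    init: {
      method: "POST",
      headers: {
        Authorization: `DSN ${dsn}`,
        "Content-Type": "application/json",
      },
      body: JSON.stringify({ event_id: eventId, name, email, comments }),
    },
  };
}

// Simplified CORS safelist: anything outside it makes the browser send an
// OPTIONS preflight to the same URL before the real request.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// Return the reasons a fetch(url, init) call would be preflighted.
function preflightReasons(init) {
  const reasons = [];
  const method = (init.method || "GET").toUpperCase();
  if (!SAFE_METHODS.has(method)) reasons.push(`method ${method}`);
  for (const [name, value] of Object.entries(init.headers || {})) {
    const key = name.toLowerCase();
    if (!SAFE_HEADERS.has(key)) {
      reasons.push(`header ${key}`);
    } else if (key === "content-type") {
      const mime = String(value).split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(mime)) reasons.push(`content-type ${mime}`);
    }
  }
  return reasons;
}
```

Because the request is preflighted, the browser sends OPTIONS to the same URL first, so a wrong path can surface in DevTools as a CORS error instead of the 404 seen with curl.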