Closed avanisinghal1 closed 2 years ago
We have tried the same thing with a completely clean setup and got the same error
08:35:21 [ERROR] sentry_sdk.errors: Unexpected status code: 403 (body: b'\n\n\n\n\n\n\n\n\n\n<!DOCTYPE html>\n<html lang="en">\n<head>\n <meta http-equiv="content-type" content="text/html; charset=utf-8">\n <meta name="robots" content="NONE,NOARCHIVE">\n <meta name="viewport" content="width=device-width, initial-scale=1">\n <meta name="theme-color" content="#000000">\n\n <link rel="icon" type="image/png" href="https://sentry.<Domain>.com/_static/1644305982/sentry/images/favicon.png">\n\n <link rel="apple-touch-icon" href="https://sentry.<Domain>.com/_static/1644305982/sentry/images/logos/apple-touch-icon.png">\n <link rel="apple-touch-icon" sizes="76x76" href="https://sentry.<Domain>.com/_static/1644305982/sentry/images/logos/apple-touch-icon-76x76.png">\n <link rel="apple-touch-icon" sizes="120x120" href="https://sentry.<Domain>.com/_static/1644305982/sentry/images/logos/apple-touch-icon-120x120.png">\n <link rel="apple-touch-icon" sizes="152x152" href="https://sentry.<Domain>.com/_static/1644305982/sentry/images/logos/apple-touch-icon-152x152.png">\n\n <link rel="mask-icon" sizes="any" href="https://sentry.<Domain>.com/_static/1644305982/sentry/images/logos/logo-sentry.svg" color="#FB4226">\n\n <link href="/_static/dist/sentry/entrypoints/sentry.css?v=e1ddac618a9d9a1656276e72970f61bba178d9f5" rel="stylesheet"/>\n\n \n\n <title>CSRF Verification Failed | Sentry</title>\n\n \n <script>window.__initialData = {"singleOrganization":true,"supportEmail":"<Email>","urlPrefix":"https://sentry.<Domain>.com","version":{"current":"21.8.0","latest":"21.8.0","build":"e1ddac618a9d9a1656276e72970f61bba178d9f5","upgradeAvailable":false},"features":["auth:register"],"distPrefix":"/_static/dist/sentry/","needsUpgrade":false,"dsn":"<DSN>@sentry.<Domain>.com/1","dsn_requests":"","statuspage":null,"messages":[],"apmSampling":0.0,"isOnPremise":true,"invitesEnabled":true,"gravatarBaseUrl":"https://secure.gravatar.com","termsUrl":null,"privacyUrl":null,"lastOrganization":null,"languageCode":"en","userIdentity":{"ip_address":"103.196.32.11"},"csrfCookieName":"sc","sentryConfig":{"dsn":"https://<DSN>@sentry.<Domain>.com/1","release":"e1ddac618a9d9a1656276e72970f61bba178d9f5","environment":"production","whitelistUrls":[]},"demoMode":false,"isAuthenticated":false,"user":null};</script>\n \n\n <script>// if the ads.js file loads below it will mark this variable as false\n window.adblockSuspected = true;\n // Initialize this so that we can queue up tasks when Sentry SPA is initialized\n window.__onSentryInit = window.__onSentryInit || [];</script>\n\n <script>try {\n var reg = new RegExp(/\\/organizations\\/(.+?(?=(\\/|$)))(\\/|$)/, \'i\');\n var organization = window.location.pathname;\n var slug = organization.match(reg)[1];\n\n function promiseRequest(url) {\n return new Promise(function (resolve, reject) {\n var xhr = new XMLHttpRequest();\n xhr.open(\'GET\', url);\n xhr.onload = function () {\n try {\n this.status >= 200 && this.status < 300\n ? resolve(JSON.parse(xhr.response))\n : reject([this.status, this.statusText]);\n } catch(e) {\n reject();\n
From the platform perspective, it is running completely fine but when we are trying to POST the data we are getting 403 error.
Could you help us in solving the same ?
This was resolved by changing redirection in ingress from sentry to nginx.
Hi, I have deployed sentry helm chart: https://github.com/sentry-kubernetes/charts/tree/develop/sentry
I am getting below error: **CSRF Verification Failed A required security token was not found or was invalid.
If you're continually seeing this issue, try the following:
Clear cookies (at least for Sentry's domain). Reload the page you're trying to submit (don't re-submit data). Re-enter the information, and submit the form again. Read more about CSRF on Wikipedia.**
API:
I have created ingress for the sentry service and mapped my organization's domain with it.
Can someone please help!
Hi
We are trying to run sentry on Kubernetes.
version: 11.9.0 appVersion: 21.8.0
We have Nginx enabled and ingress disabled.Also tried with both nginx config files.
`
upstream relay { server sentry-relay:3000; }
`
upstream relay { server sentry-relay:3000; }
########################################################################################## Below are the logs of sentry-web : ##########################################################################################
11:05:49 [ERROR] sentry_sdk.errors: Unexpected status code: 403 (body: b'\n\n\n\n\n\n\n\n\n\n<!DOCTYPE html>\n<html lang="en">\n<head>\n <meta http-equiv="content-type" content="text/html; charset=utf-8">\n <meta name="robots" content="NONE,NOARCHIVE">\n <meta name="viewport" content="width=device-width, initial-scale=1">\n <meta name="theme-color" content="#000000">\n\n <link rel="icon" type="image/png" href="https://<DOMAIN>/_static/1644231387/sentry/images/favicon.png">\n\n <link rel="apple-touch-icon" href="https://<DOMAIN>/_static/1644231387/sentry/images/logos/apple-touch-icon.png">\n <link rel="apple-touch-icon" sizes="76x76" href="https://<DOMAIN>/_static/1644231387/sentry/images/logos/apple-touch-icon-76x76.png">\n <link rel="apple-touch-icon" sizes="120x120" href="https://<DOMAIN>/_static/1644231387/sentry/images/logos/apple-touch-icon-120x120.png">\n <link rel="apple-touch-icon" sizes="152x152" href="https://<DOMAIN>/_static/1644231387/sentry/images/logos/apple-touch-icon-152x152.png">\n\n <link rel="mask-icon" sizes="any" href="https://<Domain>/_static/1644231387/sentry/images/logos/logo-sentry.svg" color="#FB4226">\n\n <link href="/_static/dist/sentry/entrypoints/sentry.css?v=e1ddac618a9d9a1656276e72970f61bba178d9f5" rel="stylesheet"/>\n\n \n\n <title>CSRF Verification Failed | Sentry</title>\n\n \n <script>window.__initialData = {"singleOrganization":true,"supportEmail":"<MAILID>","urlPrefix":"https://<DomainName>","version":{"current":"21.8.0","latest":"22.1.0","build":"e1ddac618a9d9a1656276e72970f61bba178d9f5","upgradeAvailable":true},"features":["auth:register"],"distPrefix":"/_static/dist/sentry/","needsUpgrade":false,"dsn":"<DSN>","dsn_requests":"","statuspage":null,"messages":[],"apmSampling":0.0,"isOnPremise":true,"invitesEnabled":true,"gravatarBaseUrl":"https://secure.gravatar.com","termsUrl":null,"privacyUrl":null,"lastOrganization":null,"languageCode":"en","userIdentity":{"ip_address":"<ip address>"},"csrfCookieName":"sc","sentryConfig":{"dsn":"<DSN>","release":"e1ddac618a9d9a1656276e72970f61bba178d9f5","environment":"production","whitelistUrls":[]},"demoMode":false,"isAuthenticated":false,"user":null};</script>\n \n\n <script>// if the ads.js file loads below it will mark this variable as false\n window.adblockSuspected = true;\n // Initialize this so that we can queue up tasks when Sentry SPA is initialized\n window.__onSentryInit = window.__onSentryInit || [];</script>\n\n <script>try {\n var reg = new RegExp(/\\/organizations\\/(.+?(?=(\\/|$)))(\\/|$)/, \'i\');\n var organization = window.location.pathname;\n var slug = organization.match(reg)[1];\n\n function promiseRequest(url) {\n return new Promise(function (resolve, reject) {\n var xhr = new XMLHttpRequest();\n xhr.open(\'GET\', url);\n xhr.onload = function () {\n try {\n this.status >= 200 && this.status < 300\n ? resolve(JSON.parse(xhr.response))\n : reject([this.status, this.statusText]);\n } catch(e) {\n reject();\n }\n };\n xhr.onerror = function () {\n reject([this.status, this.statusText]);\n };\n xhr.send();\n });\n }\n\n function makeUrl(suffix) {\n return \'/api/0/organizations/\' + slug + suffix;\n }\n\n\n // There are probably more, but this is at least one case where\n // this should not be treated as a slug\n if (slug !== \'new\') {\n var preloadPromises = { orgSlug: slug };\n window.__sentry_preload = preloadPromises;\n\n preloadPromises[\'organization?detailed=0\'] = promiseRequest(makeUrl(\'/?detailed=0\'));\n preloadPromises.projects = promiseRequest(makeUrl(\'/projects/?all_projects=1&collapse=latestDeploys\'));\n preloadPromises.teams = promiseRequest(makeUrl(\'/teams/\'));\n }\n } catch(_) {}</script>\n\n \n \n \n <script src="/_static/dist/sentry/entrypoints/app.js?v=e1ddac618a9d9a1656276e72970f61bba178d9f5"></script>\n \n\n \n \n\n \n <script src="/_static/1644231387/sentry/js/ads.js"></script>\n \n</head>\n\n<body class=" narrow">\n \n <div class="app">\n \n\n \n \n\n\n<div id="blk_alerts" class="messages-container"></div>\n<div id="blk_indicators"></div>\n\n<script>window.__onSentryInit = window.__onSentryInit || [];\n window.__onSentryInit.push({\n name: \'renderReact\',\n component: \'SystemAlerts\',\n container: \'#blk_alerts\',\n props: {\n className: \'alert-list\',\n },\n });\n window.__onSentryInit.push({\n name: \'renderReact \',\n component: \'Indicators\',\n container: \'#blk_indicators\',\n props: {\n className: \'indicators-container\',\n },\n });</script>\n\n\n\n \n\n <div class="container">\n <div class="content">\n \n<div class="pattern-bg"></div>\n<section class="org-login">\n <div class="box box-modal">\n <div class="box-header">\n \n \n \n \n <a class="logo-with-action" href="/">\n \n <span class="icon-sentry-logo-full"></span>\n \n \n </a>\n \n </div>\n <div class="box-content with-padding">\n \n <section class="body">\n <div class="page-header">\n <h2>CSRF Verification Failed</h2>\n </div>\n\n <p>A required security token was not found or was invalid.</p>\n\n <p>If you\'re continually seeing this issue, try the following:</p>\n\n <ol>\n <li>Clear cookies (at least for Sentry\'s domain).</li>\n <li>Reload the page you\'re trying to submit (don\'t re-submit data).</li>\n <li>Re-enter the information, and submit the form again.</li>\n </ol>\n\n \n <p>You are seeing this message because Sentry requires a \'Referer\n header\' to be sent by your Web browser, but none was sent. This header is\n required for security reasons, to ensure that your browser is not being\n hijacked by third parties.</p>\n\n <p>If you have configured your browser to disable \'Referer\' headers, please\n re-enable them, at least for this site, or for HTTPS connections, or for\n \'same-origin\' requests.</p>\n \n\n <p>Read more about <a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery">CSRF on Wikipedia</a>.</p>\n </section>\n\n </div>\n </div>\n</section>\n\n </div>\n </div>\n </div>\n \n\n \n \n <script>document.addEventListener(\'DOMContentLoaded\', function() {\n const el = document.querySelector(\'#sign-out\');\n if (el) {\n el.addEventListener(\'click\', function() {\n document.modalLogoutForm.submit();\n });\n }\n });</script>\n\n</body>\n</html>\n')
##########################################################################################Please suggest what else we can try.