sentry-kubernetes / charts

Easily deploy Sentry on your Kubernetes Cluster
MIT License

sentry_sdk.errors: Unexpected status code: 403 [ CSRF Verification Failed ] #568

Closed avanisinghal1 closed 2 years ago

avanisinghal1 commented 2 years ago

Hi

We are trying to run sentry on Kubernetes.

version: 11.9.0 appVersion: 21.8.0

We have Nginx enabled and ingress disabled. Also tried with both nginx config files.

```nginx
upstream relay { server sentry-relay:3000; }

upstream sentry {
  server sentry-nginx:80;
}

server {
  listen 8080;

  proxy_redirect off;
  proxy_set_header Host $host;

  location /api/store/ {
    proxy_pass http://relay;
  }

  location ~ ^/api/[1-9]\d*/ {
    proxy_pass http://relay;
  }

  location / {
    proxy_pass http://sentry;
  }
}
```

```nginx
upstream relay { server sentry-relay:3000; }

upstream sentry {
  server sentry-web:9000;
}

server {
  listen 8080;

  proxy_redirect off;
  proxy_set_header Host $host;

  location /api/store/ {
    proxy_pass http://relay;
  }

  location ~ ^/api/[1-9]\d*/ {
    proxy_pass http://relay;
  }

  location / {
    proxy_pass http://sentry;
  }
}
```

Below are the logs of sentry-web:

11:05:49 [ERROR] sentry_sdk.errors: Unexpected status code: 403 (body: b'\n\n\n\n\n\n\n\n\n\n<!DOCTYPE html>\n<html lang="en">\n<head>\n <meta http-equiv="content-type" content="text/html; charset=utf-8">\n <meta name="robots" content="NONE,NOARCHIVE">\n <meta name="viewport" content="width=device-width, initial-scale=1">\n <meta name="theme-color" content="#000000">\n\n <link rel="icon" type="image/png" href="https://<DOMAIN>/_static/1644231387/sentry/images/favicon.png">\n\n <link rel="apple-touch-icon" href="https://<DOMAIN>/_static/1644231387/sentry/images/logos/apple-touch-icon.png">\n <link rel="apple-touch-icon" sizes="76x76" href="https://<DOMAIN>/_static/1644231387/sentry/images/logos/apple-touch-icon-76x76.png">\n <link rel="apple-touch-icon" sizes="120x120" href="https://<DOMAIN>/_static/1644231387/sentry/images/logos/apple-touch-icon-120x120.png">\n <link rel="apple-touch-icon" sizes="152x152" href="https://<DOMAIN>/_static/1644231387/sentry/images/logos/apple-touch-icon-152x152.png">\n\n <link rel="mask-icon" sizes="any" href="https://<Domain>/_static/1644231387/sentry/images/logos/logo-sentry.svg" color="#FB4226">\n\n <link href="/_static/dist/sentry/entrypoints/sentry.css?v=e1ddac618a9d9a1656276e72970f61bba178d9f5" rel="stylesheet"/>\n\n \n\n <title>CSRF Verification Failed | Sentry</title>\n\n \n <script>window.__initialData = {"singleOrganization":true,"supportEmail":"<MAILID>","urlPrefix":"https://<DomainName>","version":{"current":"21.8.0","latest":"22.1.0","build":"e1ddac618a9d9a1656276e72970f61bba178d9f5","upgradeAvailable":true},"features":["auth:register"],"distPrefix":"/_static/dist/sentry/","needsUpgrade":false,"dsn":"<DSN>","dsn_requests":"","statuspage":null,"messages":[],"apmSampling":0.0,"isOnPremise":true,"invitesEnabled":true,"gravatarBaseUrl":"https://secure.gravatar.com","termsUrl":null,"privacyUrl":null,"lastOrganization":null,"languageCode":"en","userIdentity":{"ip_address":"<ip 
address>"},"csrfCookieName":"sc","sentryConfig":{"dsn":"<DSN>","release":"e1ddac618a9d9a1656276e72970f61bba178d9f5","environment":"production","whitelistUrls":[]},"demoMode":false,"isAuthenticated":false,"user":null};</script>\n \n\n <script>// if the ads.js file loads below it will mark this variable as false\n window.adblockSuspected = true;\n // Initialize this so that we can queue up tasks when Sentry SPA is initialized\n window.__onSentryInit = window.__onSentryInit || [];</script>\n\n <script>try {\n var reg = new RegExp(/\\/organizations\\/(.+?(?=(\\/|$)))(\\/|$)/, \'i\');\n var organization = window.location.pathname;\n var slug = organization.match(reg)[1];\n\n function promiseRequest(url) {\n return new Promise(function (resolve, reject) {\n var xhr = new XMLHttpRequest();\n xhr.open(\'GET\', url);\n xhr.onload = function () {\n try {\n this.status >= 200 && this.status < 300\n ? resolve(JSON.parse(xhr.response))\n : reject([this.status, this.statusText]);\n } catch(e) {\n reject();\n }\n };\n xhr.onerror = function () {\n reject([this.status, this.statusText]);\n };\n xhr.send();\n });\n }\n\n function makeUrl(suffix) {\n return \'/api/0/organizations/\' + slug + suffix;\n }\n\n\n // There are probably more, but this is at least one case where\n // this should not be treated as a slug\n if (slug !== \'new\') {\n var preloadPromises = { orgSlug: slug };\n window.__sentry_preload = preloadPromises;\n\n preloadPromises[\'organization?detailed=0\'] = promiseRequest(makeUrl(\'/?detailed=0\'));\n preloadPromises.projects = promiseRequest(makeUrl(\'/projects/?all_projects=1&collapse=latestDeploys\'));\n preloadPromises.teams = promiseRequest(makeUrl(\'/teams/\'));\n }\n } catch(_) {}</script>\n\n \n \n \n <script src="/_static/dist/sentry/entrypoints/app.js?v=e1ddac618a9d9a1656276e72970f61bba178d9f5"></script>\n \n\n \n \n\n \n <script src="/_static/1644231387/sentry/js/ads.js"></script>\n \n</head>\n\n<body class=" narrow">\n \n <div class="app">\n \n\n \n 
\n\n\n<div id="blk_alerts" class="messages-container"></div>\n<div id="blk_indicators"></div>\n\n<script>window.__onSentryInit = window.__onSentryInit || [];\n window.__onSentryInit.push({\n name: \'renderReact\',\n component: \'SystemAlerts\',\n container: \'#blk_alerts\',\n props: {\n className: \'alert-list\',\n },\n });\n window.__onSentryInit.push({\n name: \'renderReact \',\n component: \'Indicators\',\n container: \'#blk_indicators\',\n props: {\n className: \'indicators-container\',\n },\n });</script>\n\n\n\n \n\n <div class="container">\n <div class="content">\n \n<div class="pattern-bg"></div>\n<section class="org-login">\n <div class="box box-modal">\n <div class="box-header">\n \n \n \n \n <a class="logo-with-action" href="/">\n \n <span class="icon-sentry-logo-full"></span>\n \n \n </a>\n \n </div>\n <div class="box-content with-padding">\n \n <section class="body">\n <div class="page-header">\n <h2>CSRF Verification Failed</h2>\n </div>\n\n <p>A required security token was not found or was invalid.</p>\n\n <p>If you\'re continually seeing this issue, try the following:</p>\n\n <ol>\n <li>Clear cookies (at least for Sentry\'s domain).</li>\n <li>Reload the page you\'re trying to submit (don\'t re-submit data).</li>\n <li>Re-enter the information, and submit the form again.</li>\n </ol>\n\n \n <p>You are seeing this message because Sentry requires a \'Referer\n header\' to be sent by your Web browser, but none was sent. 
This header is\n required for security reasons, to ensure that your browser is not being\n hijacked by third parties.</p>\n\n <p>If you have configured your browser to disable \'Referer\' headers, please\n re-enable them, at least for this site, or for HTTPS connections, or for\n \'same-origin\' requests.</p>\n \n\n <p>Read more about <a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery">CSRF on Wikipedia</a>.</p>\n </section>\n\n </div>\n </div>\n</section>\n\n </div>\n </div>\n </div>\n \n\n \n \n <script>document.addEventListener(\'DOMContentLoaded\', function() {\n const el = document.querySelector(\'#sign-out\');\n if (el) {\n el.addEventListener(\'click\', function() {\n document.modalLogoutForm.submit();\n });\n }\n });</script>\n\n</body>\n</html>\n')

Please suggest what else we can try.

bmaniar commented 2 years ago

We have tried the same thing with a completely clean setup and got the same error.


From the platform perspective, it is running completely fine, but when we are trying to POST the data we are getting a 403 error.

Could you help us in solving the same?

avanisinghal1 commented 2 years ago

This was resolved by changing redirection in ingress from sentry to nginx.
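To make the routing point behind this fix concrete, here is an added example (not code from the thread or from the chart) that models the two `location` rules in the posted nginx config and shows what happens when the Ingress bypasses that nginx and sends everything to sentry-web: SDK envelope POSTs never reach relay, and the thread reports them being rejected with the CSRF 403. The upstream names and the 200/403 outcomes are a simplified model of what the thread describes, not Sentry's real middleware.

```python
import re

# Routing rules taken from the nginx config posted in this issue:
# two locations go to relay, everything else goes to the Sentry web upstream.
RELAY_PREFIX = "/api/store/"
# [1-9]\d* matches project ids (1, 2, 10, ...) but deliberately NOT /api/0/,
# which is the web API used by the UI and must stay on sentry-web.
RELAY_PROJECT_RE = re.compile(r"^/api/[1-9]\d*/")


def nginx_upstream(request_uri: str) -> str:
    """Return the upstream the posted nginx config selects for a request URI.

    nginx matches `location` against the path only, so the query string
    (e.g. ?sentry_key=...&sentry_version=7) is stripped first.
    """
    path = request_uri.split("?", 1)[0]
    if path.startswith(RELAY_PREFIX) or RELAY_PROJECT_RE.match(path):
        return "relay"
    return "sentry"


def backend_for(request_uri: str, ingress_target: str) -> str:
    """Service that finally receives the request, depending on whether the
    Ingress points at the routing nginx ("nginx") or straight at sentry-web
    ("sentry"), which is the misconfiguration described in this issue."""
    if ingress_target == "nginx":
        return nginx_upstream(request_uri)
    return ingress_target


def simulate(method: str, request_uri: str, ingress_target: str,
             has_csrf_token: bool = False) -> int:
    """Simplified model of the reported failure: relay accepts envelope and
    store POSTs without a CSRF token, while a POST that lands on sentry-web
    without one is answered with the 403 'CSRF Verification Failed' page."""
    if backend_for(request_uri, ingress_target) == "relay":
        return 200
    if method == "POST" and not has_csrf_token:
        return 403
    return 200


if __name__ == "__main__":
    # Constructed sample: the NextJS SDK envelope URL quoted later in the thread.
    envelope = "/api/3/envelope/?sentry_key=&sentry_version=7"
    for target in ("nginx", "sentry"):
        print(f"Ingress -> {target}: POST {envelope} -> "
              f"{simulate('POST', envelope, target)}")
```

Running it prints 200 for an Ingress that targets nginx and 403 for one that targets sentry-web directly, matching the before/after of the fix above.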

guptadeepali39 commented 2 years ago

Hi, I have deployed sentry helm chart: https://github.com/sentry-kubernetes/charts/tree/develop/sentry

I am getting the below error:

> **CSRF Verification Failed**
>
> A required security token was not found or was invalid.
>
> If you're continually seeing this issue, try the following:
>
> 1. Clear cookies (at least for Sentry's domain).
> 2. Reload the page you're trying to submit (don't re-submit data).
> 3. Re-enter the information, and submit the form again.
>
> Read more about CSRF on Wikipedia.

API: /api/3/envelope/?sentry_key=&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.11.1

I have created ingress for the sentry service and mapped my organization's domain with it.

Can someone please help!