sentry-trace header being added to request to origin not in tracingOrigins

[amosbastian]

• Review the documentation: https://docs.sentry.io/
• Search for existing issues: https://github.com/getsentry/sentry-javascript/issues
• Use the latest release: https://github.com/getsentry/sentry-javascript/releases
• Provide a link to the affected event from your Sentry account

Package + Version

• @sentry/browser
• @sentry/node
• raven-js
• raven-node (raven for node)
• other:
  • @sentry/nextjs

Version:

^6.16.1

Description

We have Sentry initialised with

browserTracingOptions: {
  tracingOrigins: ["localhost", "joinlifex.com", "herokuapp.com", "vercel.app"],
},

but despite this the sentry-trace header is still being added to an outgoing request to our cookie solution:

Access to XMLHttpRequest at 'http://cdn.iubenda.com/cs/tcf/v2/vendorlist.121.json' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field sentry-trace is not allowed by Access-Control-Allow-Headers in preflight response.

I am confused why the header is being added despite http://cdn.iubenda.com/cs/tcf/v2/vendorlist.121.json not being in the list of tracingOrigins, but I'm probably missing something obvious! 😖

[lobsterkatie]

Hi, @amosbastian!

The trouble here is the way tracingOrigins is being specified - browserTracingOptions isn't a recognized config option for @sentry/nextjs. If you've found something which says it is, can you please let me know where, so I can remove it? The correct way to set up tracing origins is shown here: https://docs.sentry.io/platforms/javascript/guides/nextjs/performance/instrumentation/automatic-instrumentation/#tracingorigins.

Cheers!

[amosbastian]

Hi @lobsterkatie, thanks for the reply! I'm not sure where I got the idea that is a recognised config option, maybe it used to be like that and I just copied and pasted some code from a previous project? Not sure 😖

I've updated my config to include the correct way to set up tracing origins, but am now getting the following error:

TypeError: _sentry_nextjs__WEBPACK_IMPORTED_MODULE_0__.BrowserTracing is not a constructor
  12 |   tracesSampleRate: 1,
  13 |   integrations: [
> 14 |     new Sentry.BrowserTracing({
     |    ^

[lobsterkatie]

Shoot, sorry. You're right. That's our bad - we made a change to how BrowserTracing is exported but it didn't get applied to the nextjs SDK. I'm about to put up a PR to fix it.

[lobsterkatie]

UPDATE: This fix has now been released, in 6.17.4.