Adding Sentry to codebase results in Dgraph throwing CORS errors

[matthewmcneely]

Discussed in https://github.com/orgs/dgraph-io/discussions/8916

^{Originally posted by benwoodward July 24, 2023}

Access to fetch at 'http://localhost:8080/graphql' from origin 'http://localhost:5173' has been blocked by CORS policy: Request header field baggage is not allowed by Access-Control-Allow-Headers in preflight response.

Sentry adds a Baggage header (as well as sentry-trace), and they suggest that you configure your backend server to allow these headers, however, I don't think there's a way to do that in Dgraph? Should this be a feature request?

It seems I should be able to add the following to my schema, but I can't:

# Dgraph.Allow-Headers baggage

For the time being, I will write some logic that intercepts any requests to Dgraph and strips the headers.

EDIT: Here's how to prevent the headers from being added to specific requests:

python: https://docs.sentry.io/platforms/python/usage/distributed-tracing/limiting-trace-propagation/
js: https://docs.sentry.io/platforms/javascript/performance/instrumentation/automatic-instrumentation/