New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The URL for sending CSP reports doesn't work #613
Comments
I'm using the relay. I just used the install.sh file and enabled SSL. I get the following errors in the relay log:
|
Additionally the minidump url works... |
The logs you shared suggest otherwise. The 404 and 403 errors and the UWSGIHandler suggest that those requests are going to sentry-web instead of relay. I'd check your Nginx config to make sure you have the correct routing (if you are using our repo without modification, this is done already). Your relay logs suggest your relay instance cannot reach sentry-web or kafka. The kafka issue seems like a network routing issue but the sentry-web one seems like a DNS issue, at least to begin with. |
Just tried a fresh install from master. The errors above only appear when installing for the first time. Everything seems to be running fine. However, the security endpoint still results in a 404. |
Okay that was some confusion between us. Can you just make sure that request is hitting Relay and not Sentry Web? |
@niekberenschot where did you get these URLs from? The "Client Keys" settings page should render the correct "Security Header Endpoint", which points to Are you manually creating a CSP request or is your browser issuing one? |
When trying the DSN url it will result in a 404 error:
Line from nginx log:
"POST /api/8/security/?sentry_key= HTTP/1.0" 404 22 "-"
All the other urls for example 'csp' instead of 'security' will result in a 403.
Line from web log:
[WARNING] django.security.csrf: Forbidden (CSRF cookie not set.): /api/8/csp/ (status_code=403 request=<WSGIRequest: POST u'/api/8/csp/?sentry_key='>)
I don't know why the CSP end-point isn't found.
For the other url's i think the expected status code should be a 404.
The text was updated successfully, but these errors were encountered: