CSRF Verification Failed

[luckylooke]

• [ x ] Review the documentation: https://docs.sentry.io/
• [ x ] Search for existing issues: https://github.com/getsentry/sentry-javascript/issues
• [ x ] Use the latest release: https://github.com/getsentry/sentry-javascript/releases
• [ N/A ] Provide a link to the affected event from your Sentry account

Package + Version

"@sentry/vue": "6.2.2",

"dependencies": {
    "@sentry/browser": "6.2.2",
    "@sentry/core": "6.2.2",
    "@sentry/minimal": "6.2.2",
    "@sentry/types": "6.2.2",
    "@sentry/utils": "6.2.2",
    "tslib": "^1.9.3"
  },

Version:

6.2.2

Description

I have difficulties with logging vue errors to sentry, I am not sure whether there is no interference between @sentry/vue and laravel integration... back-end is developed by colleague and he said that it is front-end problem to make it work, that he don't see options on his side :/

I am getting 403 on every request to sentry

CSRF Verification Failed
A required security token was not found or was invalid.
If you're continually seeing this issue, try the following:
Clear cookies (at least for Sentry's domain).
Reload the page you're trying to submit (don't re-submit data).
Re-enter the information, and submit the form again.
Read more about CSRF on Wikipedia.
API Docs Contribute Migrate to SaaS
Sentry 9.1.2  

Request send by integration:

Request URL: https://sentry-internal.ourdomain.tld/api/77/envelope/?sentry_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX&sentry_version=7
Request Method: POST
Status Code: 403 
Remote Address: 10.10.0.154:443
Referrer Policy: origin

<RESPONSE HEADERS>
access-control-allow-origin: *
content-encoding: gzip
content-language: en
content-type: text/html
date: Thu, 18 Mar 2021 08:52:17 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Language, Cookie
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block

<REQUEST HEADERS>
:authority: sentry-internal.websupport.sk
:method: POST
:path: /api/77/envelope/?sentry_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX&sentry_version=7
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
content-length: 392
content-type: text/plain;charset=UTF-8
origin: https://web.staging.ourdomain.tld
pragma: no-cache
referer: https://web.staging.ourdomain.tld/
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36

<QUERY STRING PARAMETERS>
sentry_key: XXXXXXXXXXXXXXXXXXXXXXXXXXX
sentry_version: 7

<PAYLOAD>
{"sent_at":"2021-03-18T08:52:17.111Z","sdk":{"name":"sentry.javascript.vue","version":"6.2.1"}}
{"type":"session"}
{"sid":"cfc89951460947aaa9e01b125a03a148","init":true,"started":"2021-03-18T08:52:17.110Z","timestamp":"2021-03-18T08:52:17.110Z","status":"ok","errors":0,"duration":0,"attrs":{"release":"Thu Mar 11 2021 07:22:14 GMT+0000 (Coordinated Universal Time)","environment":"staging"}}

I can see version mismatch sentry_version: 7 and in response Sentry 9.1.2 , but I haven't found option to modify it anywhere. IMHO could be also problem.

Please any hint? 🙏

[luckylooke]

Fixed by downgrading vue integration version from @sentry/vue@6.2.2 to @sentry/vue@5.30.0. 👍

It is due to we are not using latest sentry on BE 🤷‍♂️ :)

[wukang0718]

Where can I view the document?
@sentry/vue@5.30.0