This won't ever match since we make _globalEndpoint protocol relative inside of _getGlobalServer.

Or rather, I'm operating under the assumption here that the url for the http request got normalized and added the protocol. Maybe that's a bad assumption?

What if we just did a substring match then? e.g. url.indexOf(self._globalEndpoint !== -1)

I could also use parseUrl and verify that host name and path match, omitting protocol.

What abotu checking for the public key anywhere int he url? That'd only exist in a url if it were bound for the sentry server since it should effectively be a UUID anyways.

That's a decent idea, but there's the possibility that somebody might somehow construct a URL to their own servers with the key ...

I mean, the same argument can be said about the checking for the presence of _globalEndpoint in a request bound for their servers.

If we want to be precise, we should validate the actual hostname, etc. It'd be marginally more expensive since doing this validation on every XHR request. So tradeoffs.

imo it's unlikely for someone to be kicking off requests to their own servers with the public key in the url, but it's your call.

Mmm. Let's go with looking for the token. I'd rather keep the impact super minimal and stick with indexOf if we can.