Skip to content

normalize double slash in SENTRY_DSN to avoid 403 CSRF error #8049

Description

@lambdaq

I am using the latest on-premise docker image of sentry

in sentry/models/projectkey.py

the return '%s%s?sentry_key=%s' syntax has a serious potential bug.

If in /manage/settings -> General -> Root URL we have an ending tail slash, then at the page

XXX/XXX_proj/settings/keys/ the DSN, CSP endpoint would have duplicate double slash

Others have reported the bug ealier https://forum.sentry.io/t/csrf-verification-failed/2901

We should normalize the DSN URL.

Beside, on 403-csrf-falure.html we should add extra notes for this behavior.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions