Skip to content

ref(seer): Reapply JWT proxy_headers for Seer callbacks#113499

Merged
gricha merged 1 commit intomasterfrom
gricha/fix/restore-jwt-proxy-headers
Apr 21, 2026
Merged

ref(seer): Reapply JWT proxy_headers for Seer callbacks#113499
gricha merged 1 commit intomasterfrom
gricha/fix/restore-jwt-proxy-headers

Conversation

@gricha
Copy link
Copy Markdown
Member

@gricha gricha commented Apr 20, 2026

Reapply the JWT X-Viewer-Context proxy header format for Seer callback
requests.

This restores the earlier change that switched Code Mode proxy headers from the
legacy JSON+HMAC pair to the single JWT X-Viewer-Context header. The revert
was used as a mitigation while we investigated auth failures in production.

I want to keep this change ready to land again once the infrastructure-side
routing/header issue is resolved. Restoring it here makes the intended callback
auth format explicit again and keeps the tests aligned with the JWT path.

This only reapplies the previous behavior; it does not attempt to address the
infra issue in this PR.

@github-actions github-actions Bot added the Scope: Backend Automatically applied to PRs that change backend components label Apr 20, 2026
@gricha gricha marked this pull request as ready for review April 21, 2026 16:28
@gricha gricha requested a review from a team as a code owner April 21, 2026 16:28
@gricha gricha requested a review from azulus April 21, 2026 16:28
@gricha gricha force-pushed the gricha/fix/restore-jwt-proxy-headers branch from 68a0f8c to 6c3de87 Compare April 21, 2026 19:55
@gricha gricha mentioned this pull request Apr 21, 2026
Merged
@gricha gricha requested a review from a team as a code owner April 21, 2026 20:18
@gricha gricha force-pushed the gricha/fix/restore-jwt-proxy-headers branch from 73ac432 to 3da5980 Compare April 21, 2026 21:30
@gricha gricha merged commit 0fa76dd into master Apr 21, 2026
56 checks passed
@gricha gricha deleted the gricha/fix/restore-jwt-proxy-headers branch April 21, 2026 22:04
gricha added a commit that referenced this pull request Apr 22, 2026
@gricha @codex
ref(viewer-context): Remove legacy header fallback (#113592)
cf24dfc 
Remove the legacy raw JSON plus `X-Viewer-Context-Signature` fallback
from Sentry and only accept JWT-based `X-Viewer-Context` headers.

This is the Sentry-side cleanup after restoring JWT proxy-header
propagation. With the JWT path in place, keeping the legacy branch only
preserves dead parsing logic in the viewer-context middleware and auth
layer. This also updates the Sentry tests that were still constructing
the two-header format so they exercise the current JWT contract instead.

This PR is stacked on top of #113499.
It should land after getsentry/seer#5902.

---------

Co-authored-by: OpenAI Codex <noreply@openai.com>
@sentry-release-bot sentry-release-bot Bot mentioned this pull request Apr 22, 2026
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@azulus azulus azulus approved these changes

Assignees

No one assigned

Labels

Scope: Backend Automatically applied to PRs that change backend components

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gricha @azulus