UNPKG

@sentry/core

Version:

Base implementation for all Sentry JavaScript SDKs

github.com/getsentry/sentry-javascript/tree/master/packages/core

getsentry/sentry-javascript

75 lines (61 loc) 2.37 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' }); const api = require('../api.js'); const debugLogger = require('./debug-logger.js'); const dsn = require('./dsn.js'); const envelope = require('./envelope.js'); /** * Core Sentry tunnel handler - framework agnostic. * * Validates the envelope DSN against allowed DSNs, then forwards the * envelope to the Sentry ingest endpoint. * * @returns A `Response` — either the upstream Sentry response on success, or an error response. */ async function handleTunnelRequest(options) { const { request, allowedDsns } = options; if (allowedDsns.length === 0) { return new Response('Tunnel not configured', { status: 500 }); } const body = new Uint8Array(await request.arrayBuffer()); let envelopeHeader; try { [envelopeHeader] = envelope.parseEnvelope(body); } catch { return new Response('Invalid envelope', { status: 400 }); } if (!envelopeHeader) { return new Response('Invalid envelope: missing header', { status: 400 }); } const dsn$1 = envelopeHeader.dsn; if (!dsn$1) { return new Response('Invalid envelope: missing DSN', { status: 400 }); } // SECURITY: Validate that the envelope DSN matches one of the allowed DSNs // This prevents SSRF attacks where attackers send crafted envelopes // with malicious DSNs pointing to arbitrary hosts const isAllowed = allowedDsns.some(allowed => allowed === dsn$1); if (!isAllowed) { debugLogger.debug.warn(`Sentry tunnel: rejected request with unauthorized DSN (${dsn$1})`); return new Response('DSN not allowed', { status: 403 }); } const dsnComponents = dsn.makeDsn(dsn$1); if (!dsnComponents) { debugLogger.debug.warn(`Could not extract DSN Components from: ${dsn$1}`); return new Response('Invalid DSN', { status: 403 }); } const sentryIngestUrl = api.getEnvelopeEndpointWithUrlEncodedAuth(dsnComponents); try { return await fetch(sentryIngestUrl, { method: 'POST', headers: { 'Content-Type': 'application/x-sentry-envelope', }, body, }); } catch (error) { debugLogger.debug.error('Sentry tunnel: failed to forward envelope', error); return new Response('Failed to forward envelope to Sentry', { status: 500 }); } } exports.handleTunnelRequest = handleTunnelRequest; //# sourceMappingURL=tunnel.js.map