CORS error on self-hosted sentry


I’m getting an error when my UI tries to make requests to my self-hosted sentry:

Access to fetch at ‘http://<SENTRY_HOST>:9000/api/2/envelope/?sentry_key=<SENTRY_KEY>’ from origin ‘http://<UI_HOST>’ has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space private.

I have installed the 22.3.0 sentry version and the 6.19.3 @sentry/angular.

The “Allowed Domains” setting is “*”.

Has anyone had with this kind of issue?

So, it turns out this issue is caused by the Private Network Access specification (Private Network Access). I confirmed this because when I disable the chrome flag chrome://flags/#block-insecure-private-network-requests it worked. Obviously, I cannot ask every client to disable this flag on their browser.

The workaround I did was the tunnel option that sentry has (Sentry Tunnel). So basically, I created a php script similar to the one described in the link above which redirects the request to my sentry and therefore bypasses the browser thus not causing the CORS issue. It’s not ideal, but it works