Events get forbidden status on Kubernetes

I’ve set up Sentry 20.12.1 on Kubernetes using this Helm chart: https://github.com/sentry-kubernetes/charts
Submitting events gets:
[WARNING] django.security.csrf: Forbidden (Referer checking failed - no Referer.): /api/2/store/ (status_code=403 request=<WSGIRequest: POST '/api/2/store/'>)
I’m using my own ingress, Istio. What is the actual problem causing this forbidden status?

You need to be using Relay and Nginx in front of it to direct these requests to Relay.

I managed to solve it using Istio. In case anyone is using Istio and runs into this problem, I used this VirtualService:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sentry-web
  namespace: sentry
spec:
  hosts:
  - "mydomain"
  gateways:
  - 'my-gateway'
  http:
  - match:
    - uri:
        exact: /api/store/
    route:
    - destination:
        port:
          number: 3000
        host: sentry-relay
  - match:
    - uri:
        regex: .*/api/.*
    route:
    - destination:
        port:
          number: 3000
        host: sentry-relay
  - route:
    - destination:
        port:
          number: 9000
        host: sentry-web

This is a lazy translation of this: Event submission rejected by CSRF

This is incorrect, see https://github.com/getsentry/onpremise/blob/9a80a19fd1ffbddfe795f51fc620ce012fca15db/nginx/nginx.conf#L68

You need to direct api/0 to sentry-web as usual.

This should also be prefix not exact: https://github.com/getsentry/onpremise/blob/9a80a19fd1ffbddfe795f51fc620ce012fca15db/nginx/nginx.conf#L65

Hello! Changed to this:

http:
  - match:
    - uri:
        prefix: /api/store/
    route:
    - destination:
        port:
          number: 3000
        host: sentry-relay
  - match:
    - uri:
        regex: ^/api/[1-9]\d*/store/
    route:
    - destination:
        port:
          number: 3000
        host: sentry-relay

Am I missing any case?

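To see which backend each request path reaches under the first VirtualService and under the corrected match rules, the two route tables can be modelled offline. This is an added example, not code from the thread or from the Sentry or Istio projects; it assumes first-match-wins ordering, that a `regex` match must cover the whole path, and that the corrected rules keep the catch-all route to `sentry-web`. The sample paths are constructed.

```python
import re

# Constructed model of the two route tables from the thread (first match wins).
# Assumption: a `regex` URI match must cover the whole path, so it is modelled
# with re.fullmatch; `exact` and `prefix` are plain string comparisons.
ORIGINAL = [
    ("exact", "/api/store/", "sentry-relay"),
    ("regex", r".*/api/.*", "sentry-relay"),
    ("default", None, "sentry-web"),
]
CORRECTED = [
    ("prefix", "/api/store/", "sentry-relay"),
    ("regex", r"^/api/[1-9]\d*/store/", "sentry-relay"),
    ("default", None, "sentry-web"),  # assumed: catch-all kept from the first config
]

def route(rules, path):
    """Return the destination host of the first rule that matches `path`."""
    for kind, pattern, host in rules:
        if kind == "default":
            return host
        if kind == "exact" and path == pattern:
            return host
        if kind == "prefix" and path.startswith(pattern):
            return host
        if kind == "regex" and re.fullmatch(pattern, path):
            return host
    return None  # no rule matched

# Constructed sample request paths.
SAMPLES = [
    "/api/2/store/",     # event submission path from the log line in the question
    "/api/store/",       # store endpoint without a project id
    "/api/0/projects/",  # api/0 request, expected on sentry-web
    "/api/2/other/",     # hypothetical project-scoped path that is not /store/
    "/auth/login/",      # hypothetical UI path
]

def compare(paths=SAMPLES):
    """Map each path to (destination under ORIGINAL, destination under CORRECTED)."""
    return {p: (route(ORIGINAL, p), route(CORRECTED, p)) for p in paths}

if __name__ == "__main__":
    for path, (before, after) in compare().items():
        flag = "  <- changed" if before != after else ""
        print(f"{path:20} {before:13} {after:13}{flag}")
```

Paths flagged as changed are the ones the broad `.*/api/.*` rule sent to Relay and the corrected rules leave on `sentry-web`.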

I think this is fine now :slight_smile:

Thank you very much for your advice. :grin:
