We’re running a 9.1.2 on-prem installation and recently updated our client-side SDKs. Since running sentry-cocoa 5.1.0 in our clients we don’t seem to properly receive events from them anymore. Specifically in the sentry logs we see references to missing referer headers and CSRF tokens.
My current understanding is (and given that I dug through a bunch of code but found no references anywhere, I’d love to hear some insight from someone):
- the endpoint /api/xy/envelope/ is actually not part of sentry but sentry-relay
- it is definitely not in our sentry 9.1.2 on-prem installationand it probably just defaults to checking CSRF tokens first
- sentry-cocoa 5 upgraded to use the envelope endpoint; from what I’ve roughly gathered of the SDK source this is expected default behaviour (which of course is fine for the main use case of running against sentry.io)
Am I correct to assume that our current setup just can’t work like this? What would be our options?
- can we introduce sentry-relay with our 9.1.2 version (I doubt it?)
- I suppose downgrading the SDK would be a temporary option
- can we run the sentry-cocoa SDK 5 without running sentry-relay somehow? Are there any config flags I’m missing?
Thanks in advance for any feedback
