When using the JavaScript SDK, I was surprised to receive events from non-whitelisted URLs which originated from Raven.captureMessage. In the end, I needed to re-implement this whitelisting in a wrapper around Raven.captureMessage. Does this feel like a bug to you?
This is pretty important for us because captureMessage is used in the default ember-cli-sentry addon for unhandled promise rejections. People run a bunch of custom scripts/bots that generate a lot of unhandled promise rejections, and those are not getting filtered out because they don’t reject with errors, so the sentry addon uses captureMessage, which bypasses the whitelistUrls.