From b15a149d1464cbd9f7418d23ceac1214b33a8314 Mon Sep 17 00:00:00 2001 From: Lotus Bot Date: Thu, 21 May 2026 20:00:21 -0400 Subject: [PATCH] fix: disable Sentry tracing to prevent CORS failures on Matrix requests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit browserTracingIntegration injects sentry-trace and baggage headers into all outgoing fetch calls. Synapse does not list these in Access-Control-Allow-Headers, so every Matrix API call was blocked by the browser CORS preflight check. Removed browserTracingIntegration, set tracePropagationTargets:[] and tracesSampleRate:0. Error capture (the useful part) is unaffected. CSP fix (Sentry ingest domain) is applied via nginx — no code change needed. Co-Authored-By: Claude Sonnet 4.6 --- src/index.tsx | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/index.tsx b/src/index.tsx index 31f392a1d..c78f5415f 100644 --- a/src/index.tsx +++ b/src/index.tsx @@ -13,13 +13,11 @@ if (sentryDsn) { dsn: sentryDsn, environment: import.meta.env.MODE, release: import.meta.env.VITE_APP_VERSION, - integrations: [ - Sentry.browserTracingIntegration(), - ], - // Only trace requests to our own Matrix homeserver - tracePropagationTargets: ['localhost', /^https:\/\/matrix\.lotusguild\.org/], - // 5% of transactions — enough signal without burning quota - tracesSampleRate: 0.05, + // browserTracingIntegration omitted — it injects sentry-trace/baggage headers + // into outgoing fetch calls, which breaks Synapse CORS on matrix.lotusguild.org + // No propagation targets — we don't control the Matrix server's CORS allow-list + tracePropagationTargets: [], + tracesSampleRate: 0, // Don't send PII (IPs, usernames) — this is a private chat app sendDefaultPii: false, // Forward Sentry logs to the dashboard