csp-report: ensure Sentry requests are made with SNI by alxndrsn · Pull Request #1411 · getodk/central

alxndrsn · 2025-10-16T13:03:40Z

Closes #1406

What has been done to verify that this works as intended?

Added new tests.

Why is this the best possible solution? Were any other approaches considered?

Nginx config change seems reasonable and minimal. Tests were required to understand the minimum nginx config required.

How does this change affect users? Describe intentional changes to behavior and behavior that could have accidentally been affected by code changes. In other words, what are the regression risks?

Should remove browser console errors relating to CSP report.

Does this change require updates to documentation? If so, please file an issue here and include the link below.

No.

Before submitting this PR, please make sure you have:

branched off and targeted the next branch OR only changed documentation/infrastructure (master is stable and used in production)
verified that any code or assets from external sources are properly credited in comments or that everything is internally sourced

test/nginx/mock-http-server/index.js

test/nginx/test-nginx.js

test/nginx/mock-http-server/good-key.pem

test/nginx/mock-http-server/index.js

matthew-white · 2025-10-21T16:48:45Z

I filed the original issue, and I'm excited to see this PR to close it out. ✨ That said, I'm heads-down on #1152 at the moment, so I think it'd work best for someone else to review. Say @brontolosone or @sadiqkhoja?

failing test: csp-report: handle upstream Sentry errors

662c772

alxndrsn marked this pull request as draft October 16, 2025 13:03

alxndrsn commented Oct 16, 2025

View reviewed changes

test/nginx/mock-http-server/index.js Outdated Show resolved Hide resolved

alxndrsn commented Oct 16, 2025

View reviewed changes

test/nginx/mock-http-server/index.js Outdated Show resolved Hide resolved

alxndrsn added 12 commits October 16, 2025 13:08

don't hardcode https host

459c0e6

ignore non socket error?

fa21001

Update error expewctations

6c2e7b4

check correct errr

2503c9a

tweak error expectation

bcdca8d

set proxy_ssl_server_name

6b97d58

try force hostname

04e2418

add HTTPS_HOST env var

82f9ec6

remove explicit proxy_ssl_name

b2cc8c8

remove proxy_ssl_server_name

7569e54

use correct setting

34ff36c

test tidy-up

8022d1c

alxndrsn commented Oct 21, 2025

View reviewed changes

test/nginx/test-nginx.js Show resolved Hide resolved

alxndrsn commented Oct 21, 2025

View reviewed changes

test/nginx/mock-http-server/good-key.pem Outdated Show resolved Hide resolved

alxndrsn commented Oct 21, 2025

View reviewed changes

test/nginx/mock-http-server/index.js Outdated Show resolved Hide resolved

alxndrsn added 5 commits October 21, 2025 07:32

test fake DNS with _correct_ SNI host

fa34900

refactor initHttpsServer()

042107f

fix refactor

e2d91d6

generate PEM files

de32ff4

remove unused fn

0486ef8

alxndrsn marked this pull request as ready for review October 21, 2025 08:00

alxndrsn requested a review from matthew-white October 21, 2025 08:01

matthew-white removed their request for review October 21, 2025 16:52

alxndrsn requested review from brontolosone and sadiqkhoja October 22, 2025 10:55

alxndrsn added 25 commits November 26, 2025 13:59

Check sentry actually received the CSP report

fec386a

assert sentry received reuqerst

ea31312

add more infra

555ded5

die if no cert

9751293

neater

848b38b

more comment

fa3acce

tidy

54d2fc5

rename reports

e5595e9

assert errors too

a4af372

tidy

5c918c5

wip

1c0d4f2

fix

0377eb7

more commentary

9d60707

coment SNICallback

2aa2f22

move requires to top

71065e6

handle bad API key better

ec2c0d5

change test order

8afb2c0

outdated comment

ead44e0

simplify end()

46e6d0a

fix

d6d592a

name

567026e

update comments

b0034b5

lol

589f3bc

remove unused method parma

9529a71

lint

681dce1

alxndrsn changed the title ~~csp-report: fix Sentry HTTP host~~ csp-report: ensure Sentry requests are made with SNI Nov 26, 2025

alxndrsn merged commit 5c129e5 into getodk:next Nov 26, 2025
5 checks passed

alxndrsn deleted the csp-report-test branch November 26, 2025 15:33

matthew-white mentioned this pull request Dec 1, 2025

/csp-report returns 502 #1406

Closed

matthew-white linked an issue Dec 1, 2025 that may be closed by this pull request

/csp-report returns 502 #1406

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

csp-report: ensure Sentry requests are made with SNI#1411

csp-report: ensure Sentry requests are made with SNI#1411
alxndrsn merged 54 commits intogetodk:nextfrom
alxndrsn:csp-report-test

alxndrsn commented Oct 16, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

matthew-white commented Oct 21, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

alxndrsn commented Oct 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What has been done to verify that this works as intended?

Why is this the best possible solution? Were any other approaches considered?

How does this change affect users? Describe intentional changes to behavior and behavior that could have accidentally been affected by code changes. In other words, what are the regression risks?

Does this change require updates to documentation? If so, please file an issue here and include the link below.

Before submitting this PR, please make sure you have:

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

matthew-white commented Oct 21, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

alxndrsn commented Oct 16, 2025 •

edited

Loading