feat(nextjs): Add option to automatically tunnel events

[lforst]

Adds the option tunnelRoute to the withSentryConfig() wrapper to automatically tunnel Sentry requests through the Next.js server via a configured route. This is a mechanism to prevent ad-blockers from blocking requests to Sentry.

We are leveraging Next.js rewrites option for tunneling which is essentially just a proxy configuration. It has the upside that when deployed on Vercel it is quite fast.

One thing we needed to take care of was that we're not creating spans/transactions for these proxied requests because they were extremely spammy.

Resolves: #5571

[github-actions]

size-limit report 📦

Path	Size
@sentry/browser - ES5 CDN Bundle (gzipped + minified)	19.71 KB (+0.01% 🔺)
@sentry/browser - ES5 CDN Bundle (minified)	61.11 KB (0%)
@sentry/browser - ES6 CDN Bundle (gzipped + minified)	18.5 KB (-0.01% 🔽)
@sentry/browser - ES6 CDN Bundle (minified)	54.64 KB (0%)
@sentry/browser - Webpack (gzipped + minified)	20.28 KB (0%)
@sentry/browser - Webpack (minified)	66.33 KB (0%)
@sentry/react - Webpack (gzipped + minified)	20.3 KB (0%)
@sentry/nextjs Client - Webpack (gzipped + minified)	47.5 KB (+0.42% 🔺)
@sentry/browser + @sentry/tracing - ES5 CDN Bundle (gzipped + minified)	26.7 KB (-0.02% 🔽)
@sentry/browser + @sentry/tracing - ES6 CDN Bundle (gzipped + minified)	25.15 KB (+0.01% 🔺)
@sentry/replay ES6 CDN Bundle (gzipped + minified)	41.73 KB (-0.01% 🔽)
@sentry/replay - Webpack (gzipped + minified)	38 KB (0%)

[AbhiPrasad]

Can we get some tests? In particular I would like to see shouldTraceRequest and the options.tunnel = tunnelPath logic tested.

We can prob extract the options.tunnel = tunnelPath into a util function and export it just to be unit tested.

[AbhiPrasad]

l: This should work with self-hosted as well right? Why indicate SaaS?

[lforst]

Is there a reason to tunnel if you're already on self-hosted? Requests to self-hosted instances are probably not being blocked by ad blockers.

Another reason we limit this is because of next.js rewrite restrictions. For example, the protocol needs to be static.

[lobsterkatie]

I was going to ask the same thing. It's for sure less likely for someone's self-hosted instance to land on a block-list, but not impossible.

[AbhiPrasad]

Is there a reason to tunnel if you're already on self-hosted

Good point, not sure actually, don't know enough to comment on this. @kamilogorek is tunneling a thing for self-hosted users?

[lforst]

It's for sure less likely for someone's self-hosted instance to land on a block-list, but not impossible.

I believe if somebody's self-hosted instance is landing on a block-list, they're probably high-profile enough that their proxy route (via this option) will also land on a block list - rendering the option useless anyhow.

I personally would ship this without directly supporting self-hosted. And if we see demand for proxying to other hosts we can pretty easily add something like a tunnelTarget option that would allow for that. It should be perfectly compatible with this change.

I am not gonna go into detail here but there are a few things to consider when letting users choose the host. For example, we would need some special logic to tunnel requests to ingest.sentry.io because you cannot put that string into a tunnel request, since it would be blocked.

[AbhiPrasad]

They can also implement this logic themselves if they need to for the self-hosted case. Yeah that sounds reasonable enough for me.

[lobsterkatie]

I believe if somebody's self-hosted instance is landing on a block-list, they're probably high-profile enough that their proxy route (via this option) will also land on a block list - rendering the option useless anyhow.

I personally would ship this without directly supporting self-hosted. And if we see demand for proxying to other hosts we can pretty easily add something like a tunnelTarget option that would allow for that. It should be perfectly compatible with this change.

Yup, that's fair. Let's leave it as is.

[lobsterkatie]

This is a nice addition!

[lobsterkatie]

I was going to ask the same thing. It's for sure less likely for someone's self-hosted instance to land on a block-list, but not impossible.

[lobsterkatie]

This is a nice addition!

(Got the mad rainbow unicorn, and now this comment is here twice. But I'm paranoid and don't want to delete it in case it's just a display bug and I end up deleting the original. Let's see if this edit shows up on both...)

[lobsterkatie]

Looks good! All of my remaining suggestions are just about comments, so all L.