From 66e381d53817747af4f2d059a78ccd138742342b Mon Sep 17 00:00:00 2001 From: gelbh Date: Mon, 13 Jul 2026 11:54:40 +0100 Subject: [PATCH] fix(deploy): route sentry tunnel through worker before static assets --- CHANGELOG.md | 1 + public/_headers | 2 +- src/domain/device/changelog.ts | 1 + wrangler.toml | 2 +- 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cdcccf9..758acb0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ - Premium: Google sign-in falls back to full-page redirect when the popup is blocked. - Premium: sign out from Premium, Create session, and Admin sign-in gates. - Sentry: error reports use a first-party tunnel so browser blockers are less likely to drop them. +- Sentry: tunnel POST requests reach the Worker instead of the static asset handler. - Map sync: Retry on the sync rail replays queued map pins after a failed upload. - Map sync: avoid update-depth loop when leaving a session. - Motion: leaving or ending a session from the map no longer leaves the map in back history. diff --git a/public/_headers b/public/_headers index 342bdf2..e7efb49 100644 --- a/public/_headers +++ b/public/_headers @@ -1,5 +1,5 @@ /* - Content-Security-Policy: default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google.com https://www.recaptcha.net https://www.gstatic.com https://apis.google.com https://static.cloudflareinsights.com 'sha256-g5zW53vxwGLPEhAnusCiOfMuq+4Ag9Gw/AmmUK8ouW8=' 'sha256-ME4rqxRj40yjh8ZLq16hySW7pTXkaZWEwAGlMa53Msk='; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://tile.openstreetmap.org https://server.arcgisonline.com; connect-src 'self' https://*.googleapis.com https://*.gstatic.com https://accounts.google.com https://*.firebaseio.com wss://*.firebaseio.com https://firestore.googleapis.com https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://www.googleapis.com https://*.basemaps.cartocdn.com https://tile.openstreetmap.org https://server.arcgisonline.com https://overpass-api.de https://overpass.kumi.systems https://maps.mail.ru https://nominatim.openstreetmap.org https://api.open-meteo.com https://www.google.com https://www.recaptcha.net https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.ingest.de.sentry.io https://*.cloudfunctions.net https://*.run.app; font-src 'self'; worker-src 'self' blob:; manifest-src 'self'; frame-src https://www.google.com https://www.recaptcha.net https://accounts.google.com https://*.firebaseapp.com; base-uri 'self'; form-action 'self'; object-src 'none' + Content-Security-Policy: default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google.com https://www.recaptcha.net https://www.gstatic.com https://apis.google.com https://static.cloudflareinsights.com 'sha256-g5zW53vxwGLPEhAnusCiOfMuq+4Ag9Gw/AmmUK8ouW8=' 'sha256-ME4rqxRj40yjh8ZLq16hySW7pTXkaZWEwAGlMa53Msk=' 'sha256-yx2A+C0kZioH3XTkKHS359e4Qyz2fBvzUGK+2VnNoVY='; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://tile.openstreetmap.org https://server.arcgisonline.com; connect-src 'self' https://*.googleapis.com https://*.gstatic.com https://accounts.google.com https://*.firebaseio.com wss://*.firebaseio.com https://firestore.googleapis.com https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://www.googleapis.com https://*.basemaps.cartocdn.com https://tile.openstreetmap.org https://server.arcgisonline.com https://overpass-api.de https://overpass.kumi.systems https://maps.mail.ru https://nominatim.openstreetmap.org https://api.open-meteo.com https://www.google.com https://www.recaptcha.net https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.ingest.de.sentry.io https://*.cloudfunctions.net https://*.run.app; font-src 'self'; worker-src 'self' blob:; manifest-src 'self'; frame-src https://www.google.com https://www.recaptcha.net https://accounts.google.com https://*.firebaseapp.com; base-uri 'self'; form-action 'self'; object-src 'none' Strict-Transport-Security: max-age=31536000; includeSubDomains Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff diff --git a/src/domain/device/changelog.ts b/src/domain/device/changelog.ts index 952f2d9..5d33736 100644 --- a/src/domain/device/changelog.ts +++ b/src/domain/device/changelog.ts @@ -24,6 +24,7 @@ export const CHANGELOG: ChangelogEntry[] = [ "Premium: Google sign-in falls back to full-page redirect when the popup is blocked.", "Premium: sign out from Premium, Create session, and Admin sign-in gates.", "Sentry: error reports use a first-party tunnel so browser blockers are less likely to drop them.", + "Sentry: tunnel POST requests reach the Worker instead of the static asset handler.", "Map sync: Retry on the sync rail replays queued map pins after a failed upload.", "Map sync: avoid update-depth loop when leaving a session.", "Motion: leaving or ending a session from the map no longer leaves the map in back history.", diff --git a/wrangler.toml b/wrangler.toml index 79cc565..54e7f99 100644 --- a/wrangler.toml +++ b/wrangler.toml @@ -15,4 +15,4 @@ enabled = true directory = "./dist" not_found_handling = "single-page-application" binding = "ASSETS" -run_worker_first = ["/assets/*"] +run_worker_first = ["/assets/*", "/api/sentry-tunnel"]