Sentry-javascript: UBlock Origin blocks RavenJS CDN

@zachdunn – Hey, I replied to the latest thread with my best attempt for explaining why this should be unblocked. I'm hoping they'll be reasonable.

FYI, @benvinegar @zachdunn the list maintainer has asked for some site examples where its broken
https://forums.lanik.us/viewtopic.php?p=100775#p100775

Hey Vladimir,

Thanks for the heads up. We'll put together some examples and update the thread.

The ravenjs.com entry was removed from Easylist some time ago – closing.

This is happenning again. The EasyPrivacy list is catching the Sentry CDN (at least through ublock), breaking my site completely. I wasn't able to find a repository to track it back to a discussion.

It would be useful to catch this when trying to call Sentry from the npm package so applications don't break.

@elamperti waiting for my account activation on their mailing list, will try to resolve this.

Answer pending: https://forums.lanik.us/viewtopic.php?f=64&t=43332

This issue has been happenning at least once a year for the last 3+ years...

My whole application breaks if Sentry fails to load and that isn't helpful at all. I guess it's time to bundle/proxy/mask the script to avoid ublock? :confused:

Previous attempt by @kamilogorek was locked and probably ignored: https://forums.lanik.us/viewtopic.php?f=64&t=43332

see if you can submit a PR to remove https://github.com/easylist/easylist/blob/master/easyprivacy/easyprivacy_thirdparty.txt#L404 from the list

Wanted to note that Sentry's API has also been added to uBlock Origin's own default Privacy list (separate from EasyPrivacy), along with Bugsnag: https://github.com/uBlockOrigin/uAssets/commit/6489ab5eaf2a838bcdf2ae74ec8542ebb897d16d

They claim to follow the same guidelines as EasyPrivacy, so presumedly if you have an example showing a site that is broken without Sentry and it is removed from EasyPrivacy, you may be able to have it removed from uBO. I'm not sure that's likely, though (see my comment below). I think it's fair to say blocking the SDK breaks sites, but blocking the APIs don't, and that may be an acceptable compromise given that it is, at the end of the day, a privacy blocking list.

I'm not sure if there's a simple way to e.g. proxy Sentry's API to avoid that blocking, but it may be viable if you really want to work around it.

@elamperti FWIW, if your site breaks if Sentry fails to load, I do think you should either bundle or self-host the script. You will then want to make sure your site still works if the Sentry API is blocked (as uBlock Origin is now doing), but I believe it should - I'm pretty sure the Sentry SDK purposefully doesn't throw any unhandled exceptions or anything if the API is down, to prevent e.g. breaking your site if Sentry has an outage.

Thanks for the inisght @thomasboyt, I've been using it from the CDN but I'll start bundling it and add some extra checks before I call Sentry. Thank you! :slightly_smiling_face:

As per @thomasboyt's comment, Sentry.io is now blocked via uBlock. This includes error tracking from what I can tell.

Not completely sure how I feel on this. I believe strongly in privacy, but preventing error reports I'm not so sure about.
User choice along the lines of the old "Send" / "Do Not Send" error report buttons was good in some ways...

Fathom Analytics and a few other new "privacy-friendly" analytics providers have workarounds like adding a CNAME for ethical tracking: https://usefathom.com/support/custom-domains

I dunno what to suggest or ask for here, maybe there are no good answers.

This has been fixed (_for now_) - details are here: https://github.com/uBlockOrigin/uAssets/pull/7924