gtm.js causes issues, cannot be filtered using denyUrls

[jessetan]

Is there an existing issue for this?

• I have checked for existing issues https://github.com/getsentry/sentry-javascript/issues
• I have reviewed the documentation https://docs.sentry.io/
• I am using the latest SDK release https://github.com/getsentry/sentry-javascript/releases

How do you use Sentry?

Sentry Saas (sentry.io)

Which SDK are you using?

@sentry/nextjs

SDK Version

7.70.0

Framework Version

Next.js 12.3.4

Link to Sentry event

https://parfumado.sentry.io/issues/4503191085/?alert_rule_id=12596894&alert_type=issue&notification_uuid=a57be758-fb1d-4930-be13-254321452057&project=4504049306435584&referrer=issue_alert-slack

SDK Setup

Relevant part from sentry.client.config.js

denyUrls: [
    /www\.googletagmanager\.com/i,
],

next.config.js

  sentry: {
    hideSourceMaps: true,
    widenClientFileUpload: true,
  },

Steps to Reproduce

We have setup Sentry for our Next.js app and include Google Tag Manager in a <script>.
We add googletagmanager.com to the denyUrls, but we still get errors like "TypeError: undefined is not an object (evaluating 'a.N')", while there is no place in our code (but there is in gtm.js) that contains a.N.

The stacktrace in Sentry then does not point to gtm.js, instead it thinks comes from our own app.
When I run sentry-cli sourcemaps explain for the event, it does flag that this comes from a script element:

✔ Event has a valid exception present
✔ Event has a valid stacktrace present
✖ Selected frame (0) of event exception originates from the <script> tag, its not possible to resolve source maps

Expected Result

• The stacktrace in Sentry should show that this comes from gtm.js
• We should be able to filter out these issues using denyUrls

Actual Result

[mydea]

Hey there,

could you maybe try adding the ContextLines integration as described here: https://docs.sentry.io/platforms/javascript/guides/nextjs/configuration/integrations/contextlines/

Maybe that can help adding more information to the captured frames. It's a bit hard to say what exactly gtm does, sadly...!

[jessetan]

We actually have ContextLines integration turned on. My specific issue is that I expected the issue to be filtered out before being sent to Sentry, not that it has (or does not have) enough context.

[lforst]

I think the root issue here is that we have an issue in Next.js with the basePath setting in combination with source maps. If we fix that you can set inbound filters in the settings inside the SDK.

[jessetan]

Thanks @lforst, is that #9057? We do not config an explicit basePath in our config though.

[lforst]

is that #9057?

@jessetan Mayyybee? I am not sure.

It's good to know though that you're not configuring a basePath. Another question: Are you using some kind of monorepo like Nx or Yarn workspaces? I am trying to figure out if we mess up some kind of path in the SDK..

[jessetan]

We have a subpackage in a folder (an editor for a headless CMS) which is bundled into the main app. It has its own deps and we use an older version of lerna to make sure all the dependencies are met without conflict.
We don't release multiple packages from a monorepo though.

[mattleonowicz]

Any news here? We're also getting a lot of errors coming from gtm scripts of our clients.
We even setup allowUrls to be just window.location.origin + 2 of our company domains from which we serve script and shoot API requests. Even with that, those scripts pass through

[mydea]

I would guess the problem is (and you can kind of see this in the screenshot you posted) that the error originates in global code, not in the gtm.js file - the first frame shows this. 🤔

I guess one thing you could try is to set up a beforeSend hook, and there look at the actual frames of the exception and see if one of them comes from gtm.js, and then drop the error - this may work. Could you try this and see if it helps>

[mattleonowicz]

True, maybe GTM scripts of our clients just inject some other code directly into HTML and then they pose as normal <script> tags from html. Although if the trace from https://www.googletagmanager.com/gtm.js is visible shouldn't it be dropped due to our allowUrls? While testing this beforeSend solution with some sample GTM script that throws errors, the beforeSend function was not called at all. Only after I commented out our allowUrls, it started picking up this error
That means that allowUrls do already filter those errors from GTM. Question is why not all of them.

Regardless, I'll add what you suggested, as a second layer of filtering.

if (event.exception?.values?.[0]?.stacktrace?.frames?.some((f) => f.filename?.includes(`https://www.googletagmanager.com/gtm.js`))) {
  return null;
}

I hope it helps. Thank you @mydea

[AbhiPrasad]

Closing this issue for clean-up. Please open a new issue if it still applies. Thanks!