Outgoing HTTP instrumentation crashes the process with "TypeError: Invalid URL" when a request path starts with //

[InterstellarStella]

Is there an existing issue for this?

• I have checked for existing issues https://github.com/getsentry/sentry-javascript/issues
• I have reviewed the documentation https://docs.sentry.io/
• I am using the latest SDK release https://github.com/getsentry/sentry-javascript/releases

How do you use Sentry?

Sentry Saas (sentry.io)

Which SDK are you using?

@sentry/node

SDK Version

10.55.0 (also verified the affected code is unchanged in 10.58.0)

Framework Version

Node.js v20.18.3 — triggered via @aws-sdk/client-s3 (@smithy/node-http-handler)

Link to Sentry event

No response

Reproduction Example/SDK Setup

The crash comes from the outgoing-HTTP instrumentation building a URL from the
request path. It reproduces with a single line:

new URL('//Trust%20scores/test.html', 'https://my-bucket.s3.us-east-1.amazonaws.com');
// → TypeError: Invalid URL

In production it is hit whenever an outgoing request has a path beginning with //, which is valid for S3 object keys:

import * as Sentry from '@sentry/node';

Sentry.init({
  dsn: '__YOUR_DSN__',
  tracesSampleRate: 1.0,
});

// Any S3 object whose key starts with a slash produces a request path of //...
// e.g. GetObject on key "/Trust scores/test.html"
import { S3Client, GetObjectCommand } from '@aws-sdk/client-s3';
const s3 = new S3Client({ region: 'us-east-1' });
await s3.send(new GetObjectCommand({ Bucket: 'my-bucket', Key: '/Trust scores/test.html' }));

Steps to Reproduce

1. Initialize @sentry/node with the default integrations (httpIntegration enabled).
2. Make any outgoing HTTP(S) request whose path starts with // (e.g. an AWS S3 GetObject for an object key that starts with a slash, which the AWS SDK turns into a request path like //Trust%20scores/test.html).
3. The process crashes with an uncaught TypeError: Invalid URL.

Expected Result

The SDK should never throw from its outgoing-request instrumentation. A path it cannot parse into a URL should be handled gracefully (skip/degrade the span/breadcrumb) rather than throwing.

Actual Result

The instrumentation throws synchronously inside diagnostics_channel.publish() during the ClientRequest constructor, so application code has no way to catch it. With the Node.js default behavior for uncaught exceptions, the process exits. In our case this crash-looped a service ~84 times/hour for two days.

TypeError: Invalid URL
    at new URL (node:internal/url:818:25)
    at getRequestUrlObject (/app/node_modules/@sentry/core/src/integrations/http/get-request-url.ts:40:10)
    at getRequestUrl (/app/node_modules/@sentry/core/src/integrations/http/get-request-url.ts:26:17)
    at Module.getRequestUrlFromClientRequest (/app/node_modules/@sentry/core/src/integrations/http/get-request-url.ts:47:17)
    at onHttpClientRequestCreated (/app/node_modules/@sentry/core/src/integrations/http/client-subscriptions.ts:68:42)
    at Channel.publish (node:diagnostics_channel:156:9)
    at new ClientRequest (node:_http_client:441:35)
    at request (node:https:629:10)
    at /app/node_modules/@smithy/node-http-handler/dist-cjs/index.js:345:25
    ... (AWS SDK @aws-sdk/client-s3 / @smithy stack) ...

Additional Context

Filed on behalf of a customer. Original conversation here.

Priority

_{React with 👍 to help prioritize this issue. Please use comments to provide useful context, avoiding +1 or me too, to help us triage it.}

[linear-code]

JS-2803

[logaretm]

Thanks for reporting this, fixed in #21645