Summary

A high level overview of why we supply tunnelling in Sentry is described in NextJS: Using the tunnel option.

I'm assuming we're doing something similar in our .NET backend... so to prevent ad blockers etc. getting in the way of sending data to Sentry, your Angular front end is sending these to your back end (which is sitting on host that's allowed by the CORS policy) and the back end then forwards those events to Sentry on behalf of the Angular SPA?

Assuming I've followed along so far, our tunnelling logic then needs to get the user's IP address (i.e. the ip:port of the machine calling the tunnelling endpoint) and use this value to set the X-Forwarded-For header when forwarding requests.

References

Similar to what's discussed here: https://forum.sentry.io/t/real-client-ip-with-sentry-nextjs-tunnel/15438/2