fix: put error filtering in the handler

api-server/server/middlewares/sentry-error-handler.js

@@ -1,19 +1,26 @@
 import { Handlers, captureException } from '@sentry/node';
 import { sentry } from '../../../config/secrets';
+import { isHandledError } from '../utils/create-handled-error';
 
+// sends directly to Sentry
 export function reportError(err) {
   return sentry.dns === 'dsn_from_sentry_dashboard'
     ? console.error(err)
     : captureException(err);
 }
 
+// determines which errors should be reported
 export default function sentryErrorHandler() {
   return sentry.dns === 'dsn_from_sentry_dashboard'
     ? (req, res, next) => next()
     : Handlers.errorHandler({
-        shouldHandleError(error) {
-          // NOTE: 400 is too low, this is just for debugging
-          return !error.status || error.status >= 400;
+        shouldHandleError(err) {
+          // CSRF errors have status 403, consider ignoring them once csurf is
+          // no longer rejecting people incorrectly.
+          return (
+            !isHandledError(err) &&
+            (!err.status || err.status === 403 || err.status >= 500)
+          );
         }
       });
 }