feat: When ClientOptions.SendDefaultPii is false, send http headers w…

…ithout sensitive data (#524)

Co-authored-by: Michi Hoffmann <cleptric@users.noreply.github.com>

fasthttp/sentryfasthttp_test.go

@@ -142,7 +142,6 @@ func TestIntegration(t *testing.T) {
 
 	eventsCh := make(chan *sentry.Event, len(tests))
 	err := sentry.Init(sentry.ClientOptions{
-		SendDefaultPII: true,
 		BeforeSend: func(event *sentry.Event, hint *sentry.EventHint) *sentry.Event {
 			eventsCh <- event
 			return event

http/sentryhttp_test.go

@@ -156,7 +156,6 @@ func TestIntegration(t *testing.T) {
 
 	eventsCh := make(chan *sentry.Event, len(tests))
 	err := sentry.Init(sentry.ClientOptions{
-		SendDefaultPII: true,
 		BeforeSend: func(event *sentry.Event, hint *sentry.EventHint) *sentry.Event {
 			eventsCh <- event
 			return event

interfaces.go

@@ -169,21 +169,19 @@ func NewRequest(r *http.Request) *Request {
 	var env map[string]string
 	headers := map[string]string{}
 
-	if client := CurrentHub().Client(); client != nil {
-		if client.Options().SendDefaultPII {
-			// We read only the first Cookie header because of the specification:
-			// https://tools.ietf.org/html/rfc6265#section-5.4
-			// When the user agent generates an HTTP request, the user agent MUST NOT
-			// attach more than one Cookie header field.
-			cookies = r.Header.Get("Cookie")
-
-			for k, v := range r.Header {
-				headers[k] = strings.Join(v, ",")
-			}
+	if client := CurrentHub().Client(); client != nil && client.Options().SendDefaultPII {
+		// We read only the first Cookie header because of the specification:
+		// https://tools.ietf.org/html/rfc6265#section-5.4
+		// When the user agent generates an HTTP request, the user agent MUST NOT
+		// attach more than one Cookie header field.
+		cookies = r.Header.Get("Cookie")
 
-			if addr, port, err := net.SplitHostPort(r.RemoteAddr); err == nil {
-				env = map[string]string{"REMOTE_ADDR": addr, "REMOTE_PORT": port}
-			}
+		for k, v := range r.Header {
+			headers[k] = strings.Join(v, ",")
+		}
+
+		if addr, port, err := net.SplitHostPort(r.RemoteAddr); err == nil {
+			env = map[string]string{"REMOTE_ADDR": addr, "REMOTE_PORT": port}
 		}
 	} else {
 		sensitiveHeaders := getSensitiveHeaders()

interfaces_test.go

@@ -80,6 +80,7 @@ func TestNewRequest(t *testing.T) {
 	r.Header.Add("Cookie", "foo=bar")
 	r.Header.Add("X-Forwarded-For", "127.0.0.1")
 	r.Header.Add("X-Real-Ip", "127.0.0.1")
+	r.Header.Add("Some-Header", "some-header value")
 
 	got := NewRequest(r)
 	want := &Request{
@@ -94,6 +95,7 @@ func TestNewRequest(t *testing.T) {
 			"Host":            "example.com",
 			"X-Forwarded-For": "127.0.0.1",
 			"X-Real-Ip":       "127.0.0.1",
+			"Some-Header":     "some-header value",
 		},
 		Env: map[string]string{
 			"REMOTE_ADDR": "192.0.2.1",
@@ -112,6 +114,7 @@ func TestNewRequestWithNoPII(t *testing.T) {
 	r.Header.Add("Cookie", "foo=bar")
 	r.Header.Add("X-Forwarded-For", "127.0.0.1")
 	r.Header.Add("X-Real-Ip", "127.0.0.1")
+	r.Header.Add("Some-Header", "some-header value")
 
 	got := NewRequest(r)
 	want := &Request{
@@ -121,7 +124,8 @@ func TestNewRequestWithNoPII(t *testing.T) {
 		QueryString: "q=sentry",
 		Cookies:     "",
 		Headers: map[string]string{
-			"Host": "example.com",
+			"Host":        "example.com",
+			"Some-Header": "some-header value",
 		},
 		Env: nil,
 	}