Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No http headers are sent if ClientOptions.SendDefaultPii is set to false #523

Closed
ikorihn opened this issue Jan 9, 2023 · 3 comments · Fixed by #524
Closed

No http headers are sent if ClientOptions.SendDefaultPii is set to false #523

ikorihn opened this issue Jan 9, 2023 · 3 comments · Fixed by #524
Assignees
@cleptric
Labels
Type: Bug

Comments

@ikorihn
Copy link
Contributor

ikorihn commented Jan 9, 2023
edited

Summary

SendDefaultPii option was added in #485 .
This option behaves as follows:

  • client is not nil and SendDefaultPii is true -> all headers are sent
  • client is not nil and SendDefaultPii is false -> no headers are sent
  • client is nil -> headers without sensitive data are sent

Is this expected behaviour?
In case of other language, it looks like all http headers except sensitive headers are sent when SendDefaultPii is false.

sentry-python:
https://github.com/getsentry/sentry-python/blob/2f67f12e405f8a6f89418d96071158367fcf516f/sentry_sdk/integrations/_wsgi_common.py#L160

sentry-spring:
https://github.com/getsentry/sentry-java/blob/8ade22549f328b48fd01aea726141f7186f3bd65/sentry-spring/src/main/java/io/sentry/spring/SentryRequestResolver.java#L33

Steps To Reproduce

func Run(addr string) error {
	_ = sentry.Init(sentry.ClientOptions{
		SendDefaultPII: false,
	})
	defer sentry.Flush(2 * time.Second)

	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		ctx := r.Context()
		hub := sentry.GetHubFromContext(ctx)

		hub.CaptureMessage("my message")
	})

	handler := sentryhttp.New(sentryhttp.Options{}).Handle(http.DefaultServeMux)
	return http.ListenAndServe(addr, handler)
}

Expected Behavior

When ClientOptions.SendDefaultPii is false, http headers except sensitive data are sent.
I made a PR #524 .

SDK

  • sentry-go version: v0.16.0
  • Go version: 1.19
  • Using Go Modules? yes

Sentry

  • Using hosted Sentry in sentry.io? yes
@ikorihn ikorihn mentioned this issue Jan 9, 2023
Merged
@cleptric cleptric self-assigned this Jan 9, 2023
@cleptric
Copy link
Member

cleptric commented Jan 9, 2023
edited

  • client is not nil and SendDefaultPii is true -> all headers are sent
  • client is not nil and SendDefaultPii is false -> no headers are sent

Correct.

  • client is nil -> headers without sensitive data are sent

In this case, nothing should be sent actually.

ikorihn added a commit to ikorihn/sentry-go that referenced this issue Jan 10, 2023
@ikorihn
ref: Set headers inside client check (getsentry#523)
8373d13
ikorihn added a commit to ikorihn/sentry-go that referenced this issue Jan 12, 2023
@ikorihn
feat: When ClientOptions.SendDefaultPii is false, send http headers w…
85ab572 
…ithout sensitive headers (getsentry#523)
ikorihn added a commit to ikorihn/sentry-go that referenced this issue Jan 12, 2023
@ikorihn
ref: Set headers inside client check (getsentry#523)
de5abac
@cleptric
Copy link
Member

@ikorihn fixed in https://github.com/getsentry/sentry-go/releases/tag/v0.17.0

@ikorihn
Copy link
Contributor Author

ikorihn commented Jan 13, 2023

Thanks for review!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cleptric cleptric

Labels
Type: Bug
Projects
None yet
Milestone
No milestone
2 participants
@cleptric @ikorihn