From 231e816176588a94371487d686933dbcd8f104ae Mon Sep 17 00:00:00 2001
From: ikorihn <16367098+ikorihn@users.noreply.github.com>
Date: Thu, 12 Jan 2023 19:43:17 +0900
Subject: [PATCH] feat: When ClientOptions.SendDefaultPii is false, send http headers without sensitive data (#524)
Co-authored-by: Michi Hoffmann
---
 fasthttp/sentryfasthttp_test.go | 1 -
 http/sentryhttp_test.go | 1 -
 interfaces.go | 26 ++++++++++++--------------
 interfaces_test.go | 6 +++++-
 4 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/fasthttp/sentryfasthttp_test.go b/fasthttp/sentryfasthttp_test.go
index 3ee8b6667..6f40fd86c 100644
--- a/fasthttp/sentryfasthttp_test.go
+++ b/fasthttp/sentryfasthttp_test.go
@@ -142,7 +142,6 @@ func TestIntegration(t *testing.T) {
 eventsCh := make(chan *sentry.Event, len(tests))
 err := sentry.Init(sentry.ClientOptions{
- SendDefaultPII: true,
 BeforeSend: func(event *sentry.Event, hint *sentry.EventHint) *sentry.Event {
 eventsCh <- event
 return event
diff --git a/http/sentryhttp_test.go b/http/sentryhttp_test.go
index 2d97ce8bd..2602223c1 100644
--- a/http/sentryhttp_test.go
+++ b/http/sentryhttp_test.go
@@ -156,7 +156,6 @@ func TestIntegration(t *testing.T) {
 eventsCh := make(chan *sentry.Event, len(tests))
 err := sentry.Init(sentry.ClientOptions{
- SendDefaultPII: true,
 BeforeSend: func(event *sentry.Event, hint *sentry.EventHint) *sentry.Event {
 eventsCh <- event
 return event
diff --git a/interfaces.go b/interfaces.go
index 0d20ba397..8b0d06621 100644
--- a/interfaces.go
+++ b/interfaces.go
@@ -169,21 +169,19 @@ func NewRequest(r *http.Request) *Request {
 var env map[string]string
 headers := map[string]string{}
- if client := CurrentHub().Client(); client != nil {
- if client.Options().SendDefaultPII {
- // We read only the first Cookie header because of the specification:
- // https://tools.ietf.org/html/rfc6265#section-5.4
- // When the user agent generates an HTTP request, the user agent MUST NOT
- // attach more than one Cookie header field.
- cookies = r.Header.Get("Cookie")
-
- for k, v := range r.Header {
- headers[k] = strings.Join(v, ",")
- }
+ if client := CurrentHub().Client(); client != nil && client.Options().SendDefaultPII {
+ // We read only the first Cookie header because of the specification:
+ // https://tools.ietf.org/html/rfc6265#section-5.4
+ // When the user agent generates an HTTP request, the user agent MUST NOT
+ // attach more than one Cookie header field.
+ cookies = r.Header.Get("Cookie")
- if addr, port, err := net.SplitHostPort(r.RemoteAddr); err == nil {
- env = map[string]string{"REMOTE_ADDR": addr, "REMOTE_PORT": port}
- }
+ for k, v := range r.Header {
+ headers[k] = strings.Join(v, ",")
+ }
+
+ if addr, port, err := net.SplitHostPort(r.RemoteAddr); err == nil {
+ env = map[string]string{"REMOTE_ADDR": addr, "REMOTE_PORT": port}
 }
 } else {
 sensitiveHeaders := getSensitiveHeaders()
diff --git a/interfaces_test.go b/interfaces_test.go
index 79014e34b..092e67555 100644
--- a/interfaces_test.go
+++ b/interfaces_test.go
@@ -80,6 +80,7 @@ func TestNewRequest(t *testing.T) {
 r.Header.Add("Cookie", "foo=bar")
 r.Header.Add("X-Forwarded-For", "127.0.0.1")
 r.Header.Add("X-Real-Ip", "127.0.0.1")
+ r.Header.Add("Some-Header", "some-header value")
 got := NewRequest(r)
 want := &Request{
@@ -94,6 +95,7 @@ func TestNewRequest(t *testing.T) {
 "Host": "example.com",
 "X-Forwarded-For": "127.0.0.1",
 "X-Real-Ip": "127.0.0.1",
+ "Some-Header": "some-header value",
 },
 Env: map[string]string{
 "REMOTE_ADDR": "192.0.2.1",
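Review bot: The `else` branch of the reshaped condition in `NewRequest` (interfaces.go, hunk `@@ -169,21 +169,19 @@`) now forwards every request header not named by `getSensitiveHeaders()` whenever `SendDefaultPII` is false or no client is bound, and nothing in the hunk documents that this filter is a denylist. Judging by the removed nesting, a client with the flag unset previously left `headers` empty on this path, so the commit widens what such clients send. Application-specific credential headers (custom API-key or session-token names) would presumably pass through unless they are on that list; the list and the rest of the `else` body lie outside this hunk, so this needs confirming there. I would add a comment at the branch, e.g. `// Denylist only: headers absent from getSensitiveHeaders() are still sent; scrub custom secrets in BeforeSend.`, and note the behaviour change in the `SendDefaultPII` option documentation.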
@@ -112,6 +114,7 @@ func TestNewRequestWithNoPII(t *testing.T) {
 r.Header.Add("Cookie", "foo=bar")
 r.Header.Add("X-Forwarded-For", "127.0.0.1")
 r.Header.Add("X-Real-Ip", "127.0.0.1")
+ r.Header.Add("Some-Header", "some-header value")
 got := NewRequest(r)
 want := &Request{
@@ -121,7 +124,8 @@ func TestNewRequestWithNoPII(t *testing.T) {
 QueryString: "q=sentry",
 Cookies: "",
 Headers: map[string]string{
- "Host": "example.com",
+ "Host": "example.com",
+ "Some-Header": "some-header value",
 },
 Env: nil,
 }
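Review bot: Within the visible setup lines of `TestNewRequestWithNoPII`, the only headers the test proves are dropped are `Cookie`, `X-Forwarded-For` and `X-Real-Ip`, so a credential-bearing header falling off the denylist would not fail it. Consider adding a line such as `r.Header.Add("Authorization", "Bearer constructed-sample-token")` next to the new `Some-Header` line in hunk `@@ -112,6 +114,7 @@` and keeping it out of `want.Headers` in hunk `@@ -121,7 +124,8 @@`, assuming `Authorization` is meant to be filtered. The test function starts before the first of these hunks and the earlier setup is not shown, so this may already be covered there.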