You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is currently no way for Node developers to control to which outgoing requests tracing headers are propagated.
Why is this a problem?
Currently, the Node SDK will send DSC to any outgoing requests including potential PII
There is currently no config available to block sending information to 3rd parties
It is also an issue when 3rd parties also use Sentry - Stripe example - and they will treat it as their DSC and can negatively influence DS decisions
How does it work in the Browser SDK?
tracingOrigins is an array of domains where we can send tracing headers for outgoing requests
On a request, if the request-target matches an item from the array, it will create a span and add tracing
A suggestion:
separate these 2 (span and instrumenting)
that would be a non-breaking change
How to fix?
Currently, we have the tracingOrigins option implemented in the JS browser SDK, and some other SDKs like Java and Android. It has been agreed that another option (tracePropagationTargets) will be included as part of standard features for all Sentry SDK(s). The tracePropagationTargets should also at some point supersede the deprecated tracingOrigins in the Browser SDK.
The desired behavior of tracePropagationTargets in the Node SDK:
By default, all outgoing requests are instrumented with trace data.
If a tracePropagationTargets option is provided by the user, only requests with URLs that match an item in the array will have trace data attached.
Problem statement:
There is currently no way for Node developers to control to which outgoing requests tracing headers are propagated.
Why is this a problem?
How does it work in the Browser SDK?
tracingOrigins
is an array of domains where we can send tracing headers for outgoing requestsHow to fix?
Currently, we have the
tracingOrigins
option implemented in the JS browser SDK, and some other SDKs like Java and Android. It has been agreed that another option (tracePropagationTargets
) will be included as part of standard features for all Sentry SDK(s). ThetracePropagationTargets
should also at some point supersede the deprecatedtracingOrigins
in the Browser SDK.The desired behavior of
tracePropagationTargets
in the Node SDK:tracePropagationTargets
option is provided by the user, only requests with URLs that match an item in the array will have trace data attached.Further information:
The text was updated successfully, but these errors were encountered: