ref(tracing): Ignore third party baggage entries from incoming requests #5319
Conversation
was not used anymore (except in tests)
size-limit report 📦
|
| metadata: { baggage: baggage }, | ||
| metadata: { baggage }, |
There was a problem hiding this comment.
Just to cut down a few bytes....
| // In case, we poulated the DSC, we have update the stored one on the transaction. | ||
| if (existingBaggage !== finalBaggage) { | ||
| this.metadata.baggage = finalBaggage; | ||
| } | ||
| // Update the baggage stored on the transaction. | ||
| this.metadata.baggage = finalBaggage; |
There was a problem hiding this comment.
IMO, it's simpler this way and saves us some bytes
packages/utils/src/baggage.ts
Outdated
| if (!isSentryBaggageEmpty(baggage) || (sentryTraceHeader && isSentryBaggageEmpty(baggage))) { | ||
| setBaggageImmutable(baggage); | ||
| } | ||
|
|
||
| // Because we are always creating a Baggage object by calling `parseBaggageHeader` above | ||
| // (either a filled one or an empty one, even if we didn't get a `baggage` header), | ||
| // we only need to check if we have a sentry-trace header or not. As soon as we have it, | ||
| // we set baggage immutable. In case we don't get a sentry-trace header, we can assume that | ||
| // this SDK is the head of the trace and thus we still permit mutation at this time. | ||
| sentryTraceHeader && setBaggageImmutable(baggage); | ||
|
|
There was a problem hiding this comment.
This is arguably a critical change here because it does not cover one edge case (which I don't know if it ever exists): We receive an incoming request without a sentry-trace header but with a baggage header that contains sentry- entries. In such a situation, this change would keep the baggage mutable, where previously it would have been set immutable.
WDYT, should we handle this edge case or do we assume that we won't receive this combination of headers?
I personally can't think of a situation when this would occur because all SDKs already send sentry-trace headers. I therefore made this simplification here. Happy to revisit though!
The inverse situation (no baggage but a sentry-trace header) is of course handled correctly.
There was a problem hiding this comment.
In such a situation, this change would keep the baggage mutable, where previously it would have been set immutable.
Technically we shouldn't need to handle this edge case, but I think we should just in case. I think this is the correct behaviour. Let's update the develop docs to account for this?
There was a problem hiding this comment.
Let's update the develop docs to account for this
Sure, I'm all for it. We should try to find a conclusion as to what this means though. If we get a baggage header with sentry- entries but no sentry-trace header,
- Are we the head of trace or not?
- What happened before (i.e. in the SDK that propagated the baggage header to us) and where could something like this come from?
- And most importantly, is it okay to say, we just freeze baggage and propagate it downstream?
- Would we in this case get
sentry-trace_idwith that baggage header and if yes, why don't we get sentry-trace in that situation? - Could this come from a third party that (intentionally) sends sentry- entries in baggage s.t. our DS data is corrupted?
Not saying we have to have definitive answers to all of them but to me these are questions we should ask if this ever happens
| /** | ||
| * Parse a baggage header from a string or a string array and return a Baggage object | ||
| * | ||
| * If @param includeThirdPartyEntries is set to true, thir party baggage entries are added to the Baggage object |
There was a problem hiding this comment.
| * If @param includeThirdPartyEntries is set to true, thir party baggage entries are added to the Baggage object | |
| * If @param includeThirdPartyEntries is set to true, third party baggage entries are added to the Baggage object |
There was a problem hiding this comment.
Whoops, forgot to commit this. Opened #5322
This PR makes changes to how we handle third party content in the
baggageHttp header: On incoming requests we no longer parse and put non-sentry-baggage entries into theBaggageobject but we ignore them and instead store an empty third party string. The reason for this change is that - as we discussed and agreed upon - the Sentry SDK should not be responsible for propagating other vendors' data. If users want to propagate that data as well on the service where the Sentry SDK is installed, they should add the other vendors' propagation mechanisms. In fact, this is the only way we can ensure that baggage content that should not be propagated further is really stopped.It's important to note that this only concerns incoming 3rd party baggage items. If other vendors (or the users themselves) add a
baggageheader to the outgoing request before the Sentry SDK adds itsbaggageheader, we continue to merge the two headers such that the 3rd party baggage as well as this SDK's DSC entries are still in the final header. In (the edge) case that this 3rd partybaggageheader already containssentry-entries, they will be ignored and overwritten with this SDK'ssentry-entries.With this PR, our DSC propagation behaviour conforms with our DSC specification.
In addition of these changes, this PR also contains a few small cleanups and improvements:
isBaggageEmptyhelper function (+ tests) as it was not used anymore except for in testsbaggageheader merging in case another vendor injects a baggage header before the Sentry SDKfixes #5297