Stack position: 4/10. Blocked by #3001**,** #3002**.**
Replace the send_default_pii gate in the core request/event path with data_collection, using the modes/denylist helper (#3001).
Gate sites
sentry-ruby/lib/sentry/interfaces/request.rb
:50-54 IP headers (IP_HEADERS wipe) → gated by IP/user_info handling (coordinate with RUBY-192)
:59-63 request body, cookies, query string → http_bodies (:incoming_request), cookies, query_params
:96 HTTP_AUTHORIZATION and other request headers → http_headers.request modes/denylist
sentry-ruby/lib/sentry/event.rb:106 IP address (calculate_real_ip_from_rack) — coordinate the IP gate with user_info (RUBY-192); keep here whichever category owns request IP.
Files
interfaces/request.rb, event.rb
spec/sentry/interfaces/request_interface_spec.rb, spec/sentry/event_spec.rb, spec/sentry/rack/capture_exceptions_spec.rb
Tests
- Cookies/query/body/headers under each mode; denylist scrubbing on headers (e.g.
Authorization); body only when :incoming_request present.
Security-sensitive: primary inbound-request PII path.
Stack position: 4/10. Blocked by #3001**,** #3002**.**
Replace the
send_default_piigate in the core request/event path withdata_collection, using the modes/denylist helper (#3001).Gate sites
sentry-ruby/lib/sentry/interfaces/request.rb:50-54IP headers (IP_HEADERSwipe) → gated by IP/user_infohandling (coordinate with RUBY-192):59-63request body, cookies, query string →http_bodies(:incoming_request),cookies,query_params:96HTTP_AUTHORIZATIONand other request headers →http_headers.requestmodes/denylistsentry-ruby/lib/sentry/event.rb:106IP address (calculate_real_ip_from_rack) — coordinate the IP gate withuser_info(RUBY-192); keep here whichever category owns request IP.Files
interfaces/request.rb,event.rbspec/sentry/interfaces/request_interface_spec.rb,spec/sentry/event_spec.rb,spec/sentry/rack/capture_exceptions_spec.rbTests
Authorization); body only when:incoming_requestpresent.Security-sensitive: primary inbound-request PII path.