feat(project): increase securityTokenHeader max_length from 20 to 64 #112483

Merged
dcramer merged 1 commit into master from junior/increase-security-token-header-limit
Apr 10, 2026


@sentry-junior sentry-junior bot commented Apr 8, 2026

Summary

Increases the securityTokenHeader field limit from 20 to 64 characters in the project settings serializer.

The previous 20-char cap was too restrictive — common header names like X-Custom-Security-Header (26 chars) hit the limit. 64 is a more practical ceiling that still constrains unbounded input.

Changes

  • src/sentry/core/endpoints/project_details.py: max_length=20 → max_length=64 on securityTokenHeader field
  • tests/sentry/core/endpoints/test_project_details.py: adds test_security_token_header_max_length covering:
    • exactly 64 chars accepted (boundary)
    • 65 chars rejected with 400

Test pattern matches prior art in the same test class (e.g. test_sensitive_fields_too_long, test_store_crash_reports_exceeded).

The security token header field was capped at 20 characters, which is
too restrictive for common header names (e.g. X-Custom-Security-Header).
Increase the limit to 64 to accommodate real-world use cases.

Add test_security_token_header_max_length to cover boundary acceptance
(exactly 64 chars) and rejection (65 chars), matching prior art test
patterns for field length validation in this test class.
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Apr 8, 2026
@dcramer dcramer marked this pull request as ready for review April 8, 2026 16:45
@dcramer dcramer requested a review from a team as a code owner April 8, 2026 16:45
@dcramer dcramer enabled auto-merge (squash) April 8, 2026 16:54
@markstory markstory added the Trigger: getsentry tests Once code is reviewed: apply label to PR to trigger getsentry tests label Apr 10, 2026
@dcramer dcramer merged commit 11542d0 into master Apr 10, 2026
71 of 72 checks passed
@dcramer dcramer deleted the junior/increase-security-token-header-limit branch April 10, 2026 14:36
3 participants