feat(react-native): Add NetworkRecordingOptions and network sanitizer#485
Merged
feat(react-native): Add NetworkRecordingOptions and network sanitizer#485
NetworkRecordingOptions and network sanitizer#485Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 45db54b. Configure here.
Vadman97
approved these changes
Apr 22, 2026
Contributor
Vadman97
left a comment
Vadman97
left a comment
There was a problem hiding this comment.
looks fine to me as is to keep the urlBlocklist on the existing options rather than tthe network recording options
Merged
Vadman97
pushed a commit
that referenced
this pull request
Apr 22, 2026
🤖 I have created a release *beep* *boop* --- <details><summary>observability-react-native: 0.9.0</summary> ## [0.9.0](observability-react-native-0.8.1...observability-react-native-0.9.0) (2026-04-22) ### Features * **react-native:** Add `NetworkRecordingOptions` and network sanitizer ([#485](#485)) ([b717bcb](b717bcb)) </details> <details><summary>session-replay-react-native: 0.4.3</summary> ## [0.4.3](session-replay-react-native-0.4.2...session-replay-react-native-0.4.3) (2026-04-22) ### Dependencies * The following workspace dependencies were updated * dependencies * @launchdarkly/observability-react-native bumped to 0.9.0 </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk release metadata-only changes (version bumps, manifest/changelog updates) with no runtime code modifications in this diff. > > **Overview** > Publishes a new React Native SDK release by bumping `@launchdarkly/observability-react-native` to `0.9.0` (adds `NetworkRecordingOptions` and a network sanitizer per changelog) and `@launchdarkly/session-replay-react-native` to `0.4.3`. > > Updates `.release-please-manifest.json`, both packages’ `package.json` versions, and their `CHANGELOG.md` entries to reflect the release and dependency bump. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 8bb78a1. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Ports
NetworkRecordingOptionsand the network sanitizer fromhighlight-runinto@launchdarkly/observability-react-native, wiring them up to the existing OpenTelemetryFetchInstrumentationandXMLHttpRequestInstrumentationvia theapplyCustomAttributesOnSpanhook.
When
recordHeadersAndBodyis enabled, the SDK will add sanitized request/response headers(and response bodies for XHR, request bodies for string fetch bodies) as attributes on the HTTP
spans that OTel already creates. Sensitive headers (
authorization,cookie,proxy-authorization,set-cookie,token) are always redacted by default, regardless ofother configuration.
(Note: This PR was mostly generated with Claude.)
Breaking Changes
None. The new
networkRecordingoption onReactNativeOptionsis optional and defaults to{}(feature off). Existing SDK behavior is unchanged.
New APIs
The following are added to the public API surface of
@launchdarkly/observability-react-native:NetworkRecordingOptions(new exported type):ReactNativeOptions.networkRecording(new optional field):networkRecording?: NetworkRecordingOptionsThis is a minor version bump (new opt-in API, no breaking changes).
Note:
urlBlocklistplacementIn the web SDK (
highlight-run),urlBlocklistlives insideNetworkRecordingOptions. In theReact Native SDK it is intentionally omitted from
NetworkRecordingOptionsbecause it alreadyexists as a top-level field on
ReactNativeOptions(where it controls OTel trace headerpropagation). The existing top-level
urlBlocklistis reused to also gate header/body recording,so there is no duplication.
Files Copied From
highlight-runsrc/listeners/network-listener/utils/models.ts— copied fromsdk/highlight-run/src/client/listeners/network-listener/utils/models.tswith no changessrc/listeners/network-listener/utils/network-sanitizer.ts— copied fromsdk/highlight-run/src/client/listeners/network-listener/utils/network-sanitizer.tswith nochanges
src/listeners/network-listener/utils/xhr-listener.ts— copied fromsdk/highlight-run/src/client/listeners/network-listener/utils/xhr-listener.ts, stripped togetBodyThatShouldBeRecordedand its size-limit constants only; removedXHRListener,getBodyData, thejson-stringify-safeimport, and all other browser-patching codeNew file (no direct equivalent in
highlight-run):src/listeners/network-listener/network-listener.ts— exportsFetchHookandXHRHook,curried functions that take
NetworkRecordingOptionsand return the appropriateapplyCustomAttributesOnSpanhandlers for OTel'sFetchInstrumentationandXMLHttpRequestInstrumentationTesting
The existing source files copied from
highlight-runhave no unit tests in that package, so adding unit tests is deferred to a follow-up PR, if desired. The natural candidates would be:network-sanitizer.test.ts—sanitizeHeadersandsanitizeUrl(pure functions)xhr-listener.test.ts—getBodyThatShouldBeRecorded(pure function)network-listener.test.ts—FetchHook/XHRHookwith a mockedSpanNote
Medium Risk
Adds optional recording of HTTP headers/bodies onto OTel spans; despite redaction controls, mistakes or misconfiguration could capture sensitive data and increase span size/perf overhead.
Overview
Adds a new
networkRecordingoption (via exportedNetworkRecordingOptions) to optionally attach sanitized request/response headers and bodies to OpenTelemetryFetchInstrumentation/XMLHttpRequestInstrumentationspans.Introduces a network listener + sanitizer utilities that always sanitize span URL attributes (redacting credentials and sensitive query params), redact known sensitive headers, support header/body allowlists/redaction lists, and applies a built-in
DEFAULT_URL_BLOCKLIST(merged intourlBlocklist) to prevent recording for specific auth/token endpoints.Reviewed by Cursor Bugbot for commit 45db54b. Bugbot is set up for automated code reviews on this repo. Configure here.