Skip to content

feat!: Only collect ip addresses with sendDefaultPii: true #15084

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Jan 21, 2025
Merged

feat!: Only collect ip addresses with sendDefaultPii: true #15084

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
152d3f6
feat!: Only collect ip addresses with `sendDefaultPii: true`
Jan 20, 2025
c86c8fd
cleanup
Jan 21, 2025
531dff1
.
Jan 21, 2025
dc8eb11
Add tests
Jan 21, 2025
ae240ea
format
Jan 21, 2025
238b5c8
Add migration doc entry
Jan 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions packages/browser-utils/src/metrics/utils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ export function startStandaloneWebVitalSpan(options: StandaloneWebVitalSpanOptio

const { name, transaction, attributes: passedAttributes, startTime } = options;

const { release, environment } = client.getOptions();
const { release, environment, sendDefaultPii } = client.getOptions();
// We need to get the replay, user, and activeTransaction from the current scope
// so that we can associate replay id, profile id, and a user display to the span
const replay = client.getIntegrationByName<Integration & { getReplayId: () => string }>('Replay');
Expand Down Expand Up @@ -109,7 +109,7 @@ export function startStandaloneWebVitalSpan(options: StandaloneWebVitalSpanOptio
'user_agent.original': WINDOW.navigator?.userAgent,

// This tells Sentry to infer the IP address from the request
'client.address': '{{auto}}',
'client.address': sendDefaultPii ? '{{auto}}' : undefined,

...passedAttributes,
};
Expand Down
22 changes: 13 additions & 9 deletions packages/browser/src/client.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,19 +85,23 @@ export class BrowserClient extends Client<BrowserClientOptions> {
}

this.on('postprocessEvent', event => {
addAutoIpAddressToUser(event);
if (this._options.sendDefaultPii) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm, I wonder if we can just conditionally not add both of these hooks at all here if this is not on? 🤔 a bit simpler, you loose the ability to flip this option later, but is this something we want to/need to support?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uh totally. Mutating options is kinda not something we intentionally support. Whenever it works it is usually by accident.

addAutoIpAddressToUser(event);
}
});

this.on('beforeSendSession', session => {
if ('aggregates' in session) {
if (session.attrs?.['ip_address'] === undefined) {
session.attrs = {
...session.attrs,
ip_address: '{{auto}}',
};
if (this._options.sendDefaultPii) {
if ('aggregates' in session) {
if (session.attrs?.['ip_address'] === undefined) {
session.attrs = {
...session.attrs,
ip_address: '{{auto}}',
};
}
} else {
addAutoIpAddressToUser(session);
}
} else {
addAutoIpAddressToUser(session);
}
});
}
Expand Down
8 changes: 5 additions & 3 deletions packages/core/src/integrations/requestdata.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
import { Client } from '../client';
import { defineIntegration } from '../integration';
import type { Event, IntegrationFn, RequestEventData } from '../types-hoist';
import { parseCookie } from '../utils/cookie';
Expand Down Expand Up @@ -38,12 +39,12 @@ const _requestDataIntegration = ((options: RequestDataIntegrationOptions = {}) =

return {
name: INTEGRATION_NAME,
processEvent(event) {
processEvent(event, _hint, client) {
const { sdkProcessingMetadata = {} } = event;
const { normalizedRequest, ipAddress } = sdkProcessingMetadata;

if (normalizedRequest) {
addNormalizedRequestDataToEvent(event, normalizedRequest, { ipAddress }, include);
addNormalizedRequestDataToEvent(event, normalizedRequest, { ipAddress }, include, client);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

l: This is also fine, but what if we mutated include here instead? IMHO the addNormalizedRequestDataToEvent does not need to know of the client etc, we could do:

addNormalizedRequestDataToEvent(event, normalizedRequest, { ipAddress }, { ip: client.getOptions().sendDefaultPii, ...include });

or something like this? (not quite, as ip is set by default, but logic wise something like this...)

But I'm also OK with leaving it as it is here!

}

return event;
Expand All @@ -67,13 +68,14 @@ function addNormalizedRequestDataToEvent(
// Data that should not go into `event.request` but is somehow related to requests
additionalData: { ipAddress?: string },
include: RequestDataIncludeOptions,
client: Client,
): void {
event.request = {
...event.request,
...extractNormalizedRequestData(req, include),
};

if (include.ip) {
if (include.ip || client.getOptions().sendDefaultPii) {
const ip = (req.headers && getClientIPAddress(req.headers)) || additionalData.ipAddress;
if (ip) {
event.user = {
Expand Down
Loading