feat(tracing): Add initial tracestate header handling

[lobsterkatie]

This is the result of rebasing the feature branch for the initial implementation of tracestate header handling (which had grown very stale) on top of current master. That branch is going to get deleted, so for posterity, it included the following PRs (oldest -> newest):

feat(tracing): Add dynamic sampling correlation context data to envelope header (#3062)
chore(utils): Split browser/node compatibility utils into separate module (#3123)
ref(tracing): Prework for initial tracestate implementation (#3242)
feat(tracing): Add tracestate header to outgoing requests (#3092)
ref(tracing): Rework tracestate internals to allow for third-party data (#3266)
feat(tracing): Handle incoming tracestate data, allow for third-party data (#3275)
chore(tracing): Various small fixes to first tracestate implementation (#3291)
fix(tracing): Use Request.headers.append correctly (#3311)
feat(tracing): Add user data to tracestate header (#3343)
chore(various): Small fixes (#3368)
fix(build): Prevent Node's Buffer module from being included in browser bundles (#3372)
fix(tracing): Remove undefined tracestate data rather than setting it to null (#3373)

(This isn't a literal rebasing - the commits in this PR are different from those above - because in each original commit there were so many merge conflicts, in so many parts of so many different files, that it seemed easier to apply the final state of that branch to current master and back-engineer a commit history from there, so that I only had to detangle each section of code once.)

Of all the TODOs included in those PR descriptions, the ones that remain relevant are:

• We don't currently handle weird edge cases in terms of third-party data in the headers (blank values, for instance), as detailed in the official spec.
• User data is included as an object, with the keys id and segment. For now, the id is sent un-hashed (until we can figure out exactly how we want to handle hashing in a way which is repeatable across platforms).

In the meantime, one new one has cropped up:

• We need to add transaction name to the tracestate data. In doing this, we'll need to note all of the places where a transaction's name changes partway through (or at the end of) its lifecycle, as this could mean that the value in the propagated tracestate (depending on when it's computed) might not match the final value on the transaction event itself. (Most often, these midstream name changes are the result of replacing a literal URL (/dogs/maisey) with a parameterized one (/dogs/:name), which can't be done until the framework has finished routing the request.) It's an open question what to do with such a mismatch, but at minimum we should know when it might happen.

The only other notable thing about the branch is that there's a fairly comprehensive description of tracestate lazy computation (which might be useful for the develop docs) included in the description for #3343.

[github-actions]

size-limit report

Path	Size
@sentry/browser - CDN Bundle (gzipped)	21.87 KB (+1.38% 🔺)
@sentry/browser - Webpack	22.83 KB (+1.1% 🔺)
@sentry/react - Webpack	22.86 KB (+1.11% 🔺)
@sentry/browser + @sentry/tracing - CDN Bundle (gzipped)	30.02 KB (+3.43% 🔺)

[rhcarvalho]

Isn't this assertion redundant when we already test for equality in the next lines?

[lobsterkatie]

The equality test passing implies this one will, it's true, but not vice-versa. My thinking here is that if the equality test fails but this test passes, it narrows down the problem.

[rhcarvalho]

This is logically implied from the assertion above it.

[lobsterkatie]

I suppose that's true. I can remove it. (I'm not going to push the change until after the ember test problem is fixed, though, because I'm just going to have to rebase on top of that fix and push again at that point.)

[rhcarvalho]

Spotty review from mobile on the go. Sorry sorry

Afraid this is such a large commit touching 50+ files ... Maybe could have some of those trivial changes touching many test files be a separate PR...

[rhcarvalho]

Hmm this could lead to a spammy stream of errors sent to Sentry if clients are sending bad data. It would be a safer approach here to ignore invalid input, might log the error to the console.

Users can't really fix this error once they see it in Sentry. Either our SDKs have a bug or a bad client is sending data and SDK users can't really fix it on their own.

[lobsterkatie]

I don't think it'll get through to users' issue streams. Because it's a SentryError, it'll just get thrown rather than captured - see

sentry-javascript/packages/core/src/baseclient.ts

Lines 542 to 559 in e46ff3e

	this._sendEvent(processedEvent);
	return processedEvent;
	})
	.then(null, reason => {
	if (reason instanceof SentryError) {
	throw reason;
	}
	this.captureException(reason, {
	data: {
	__sentry__: true,
	},
	originalException: reason as Error,
	});
	throw new SentryError(
	`Event processing pipeline threw an error, original event will not be sent. Details have been sent as a new event.\nReason: ${reason}`,
	);
	});

.

[rhcarvalho]

Is this related to tracestate?

[lobsterkatie]

Yes. Environment is part of the data that goes into tracestate, so it needs to be set in time for that to happen. If the user provides an environment, we're already good, but if we need to use the default, at the moment that's not getting added until we're sending the event. This moves it earlier so that it's available when we compute the tracestate value.

See #3242.

[rhcarvalho]

These test changes seen unrelated to tracestate

[lobsterkatie]

See my comment above re: setting default environment earlier.

[lobsterkatie]

Afraid this is such a large commit touching 50+ files ... Maybe could have some of those trivial changes touching many test files be a separate PR...

It was separate PRs - all of the ones listed in the PR description - all of which have already been reviewed. The only reason this is a new PR and not just a straight-up rebase of the branch is because it was getting too messy. So if there are glaring problems I'm happy to fix them, but anything other than that should probably be handled in a separate PR, since this is meant to be equivalent to having done the rebase directly.

[lobsterkatie]

Given that this has all been reviewed as part of the old PRs, and that it's getting merged into a feature branch rather than master, I'm going to merge this. If there's anything else which needs fixing, it can be done in the final PR merging the feature branch into master.