getsentry · s1gr1d · Apr 28, 2025 · Apr 30, 2025 · Apr 30, 2025 · Apr 30, 2025
diff --git a/packages/browser-utils/src/networkUtils.ts b/packages/browser-utils/src/networkUtils.ts
@@ -17,6 +17,7 @@ export function serializeFormData(formData: FormData): string {
 
 /** Get the string representation of a body. */
 export function getBodyString(body: unknown, _logger: Logger = logger): [string | undefined, NetworkMetaWarning?] {
+  // fixme: only add body string if `sendDefaultPii` is enabled?
   try {
     if (typeof body === 'string') {
       return [body];

diff --git a/packages/browser/src/integrations/httpcontext.ts b/packages/browser/src/integrations/httpcontext.ts
@@ -20,7 +20,7 @@ export const httpContextIntegration = defineIntegration(() => {
       const { userAgent } = WINDOW.navigator || {};
 
       const headers = {
-        ...event.request?.headers,
+        ...event.request?.headers, // fixme: add conditional for `sendDefaultPii` here?
         ...(referrer && { Referer: referrer }),
         ...(userAgent && { 'User-Agent': userAgent }),
       };

diff --git a/packages/bun/src/integrations/bunserver.ts b/packages/bun/src/integrations/bunserver.ts
@@ -209,7 +209,7 @@ function wrapRequestHandler<T extends RouteHandler = RouteHandler>(
       normalizedRequest: {
         url: request.url,
         method: request.method,
-        headers: request.headers.toJSON(),
+        headers: request.headers.toJSON(), // fixme: headers are passed 1:1
         query_string: parsedUrl?.search,
       } satisfies RequestEventData,
     });
@@ -232,7 +232,7 @@ function wrapRequestHandler<T extends RouteHandler = RouteHandler>(
               if (response?.status) {
                 setHttpStatus(span, response.status);
                 isolationScope.setContext('response', {
-                  headers: response.headers.toJSON(),
+                  headers: response.headers.toJSON(), // fixme: headers are passed 1:1
                   status_code: response.status,
                 });
               }

diff --git a/packages/cloudflare/src/sdk.ts b/packages/cloudflare/src/sdk.ts
@@ -27,6 +27,7 @@ export function getDefaultIntegrations(options: CloudflareOptions): Integration[
     functionToStringIntegration(),
     linkedErrorsIntegration(),
     fetchIntegration(),
+    // todo: the `include` object should be defined based on `sendDefaultPii` directly in the integration
     requestDataIntegration(sendDefaultPii ? undefined : { include: { cookies: false } }),
     consoleIntegration(),
   ];

diff --git a/packages/core/src/fetch.ts b/packages/core/src/fetch.ts
@@ -205,6 +205,7 @@ function endSpan(span: Span, handlerData: HandlerDataFetch): void {
   if (handlerData.response) {
     setHttpStatus(span, handlerData.response.status);
 
+    // fixme: only send if `sendDefaultPii`?
     const contentLength = handlerData.response?.headers && handlerData.response.headers.get('content-length');
 
     if (contentLength) {

diff --git a/packages/core/src/integrations/requestdata.ts b/packages/core/src/integrations/requestdata.ts
@@ -45,6 +45,7 @@ const _requestDataIntegration = ((options: RequestDataIntegrationOptions = {}) =
 
       const includeWithDefaultPiiApplied: RequestDataIncludeOptions = {
         ...include,
+        // todo: also exclude cookies and headers if sendDefaultPii is false
 if (_shouldSendDefaultPii()) { 
   try { 
     const cookieString = xhr.getResponseHeader('Set-Cookie') || xhr.getResponseHeader('set-cookie') || undefined; 
     if (cookieString) { 
       responseCookies = _parseCookieString(cookieString); 
     } 
 if (_shouldSendDefaultPii()) { 
   try { 
     const cookieString = xhr.getResponseHeader('Set-Cookie') || xhr.getResponseHeader('set-cookie') || undefined; 
  
     if (cookieString) { 
       responseCookies = _parseCookieString(cookieString); 
     } 
         ip: include.ip ?? client.getOptions().sendDefaultPii,
       };
 
@@ -74,6 +75,7 @@ function addNormalizedRequestDataToEvent(
   additionalData: { ipAddress?: string },
   include: RequestDataIncludeOptions,
 ): void {
+  // fixme: only add when `sendDefaultPii` is enabled?
   event.request = {
     ...event.request,
     ...extractNormalizedRequestData(req, include),
@@ -121,6 +123,7 @@ function extractNormalizedRequestData(
   }
 
   if (include.cookies) {
+    // fixme: cookies enabled by default?
     const cookies = normalizedRequest.cookies || (headers?.cookie ? parseCookie(headers.cookie) : undefined);
     requestData.cookies = cookies || {};
   }

diff --git a/packages/node/src/integrations/context.ts b/packages/node/src/integrations/context.ts
@@ -61,6 +61,7 @@ const _nodeContextIntegration = ((options: ContextOptions = {}) => {
 
     const updatedContext = _updateContext(await cachedContext);
 
+    // fixme: conditional with `sendDefaultPii` here?
     event.contexts = {
       ...event.contexts,
       app: { ...updatedContext.app, ...event.contexts?.app },

diff --git a/packages/replay-internal/src/coreHandlers/util/fetchUtils.ts b/packages/replay-internal/src/coreHandlers/util/fetchUtils.ts
@@ -55,9 +55,11 @@ export function enrichFetchBreadcrumb(
 ): void {
   const { input, response } = hint;
 
+  // fixme: only add this if `sendDefaultPii` is enabled?
   const body = input ? getFetchRequestArgBody(input) : undefined;
   const reqSize = getBodySize(body);
 
+  // fixme: only send response body size if `sendDefaultPii` is enabled?
   const resSize = response ? parseContentLengthHeader(response.headers.get('content-length')) : undefined;
 
   if (reqSize !== undefined) {

diff --git a/packages/vercel-edge/src/sdk.ts b/packages/vercel-edge/src/sdk.ts
@@ -59,6 +59,7 @@ export function getDefaultIntegrations(options: Options): Integration[] {
     linkedErrorsIntegration(),
     winterCGFetchIntegration(),
     consoleIntegration(),
+    // fixme: integration can be included - but integration should not add IP address etc
     ...(options.sendDefaultPii ? [requestDataIntegration()] : []),
   ];
 }