ref(tracing): Remove transaction name and user_id from DSC#5363
Conversation
temporary fix to no longer propagate potential PII
size-limit report 📦
|
| baggage: expect.stringContaining( | ||
| 'sentry-environment=prod,sentry-release=1.0,sentry-transaction=GET%20%2Ftest%2Fexpress,' + | ||
| 'sentry-public_key=public,sentry-trace_id=', | ||
| 'sentry-environment=prod,sentry-release=1.0,sentry-public_key=public,sentry-trace_id=', |
There was a problem hiding this comment.
Tiny tiny nit: If we're commenting stuff out in the other tests rather than modifying said stuff, I'd leave the old value here, commented out (in addition to the new value, of course).
(Same in the other spots where this applies.)
| // Skipping this test because right now we're not including user_id at all | ||
| test.skip('Includes user_id in baggage if sendDefaultPii is set to true', async () => { |
There was a problem hiding this comment.
Since, as discussed in the meeting earlier, we're not going to be using sendDefaultPII to control this (now or ever), we should pull it from any tests it's in.
We can leave this test, maybe, since something will eventually control that, but if so I'd probably do something like
| // Skipping this test because right now we're not including user_id at all | |
| test.skip('Includes user_id in baggage if sendDefaultPii is set to true', async () => { | |
| // TODO: Skipping this test because right now we're rethinking the mechanism for including such data | |
| test.skip('Includes user_id in baggage if <optionTBA> is set to true', async () => { |
and add a similar TODO to the companion file which sets up the test.
| transaction: this.name, | ||
| ...(hub.shouldSendDefaultPii() && { user_id }), | ||
| // transaction: this.name, | ||
| // ...(hub.shouldSendDefaultPii() && { user_id }), |
There was a problem hiding this comment.
See above re: sendDefaultPII.
This patch temporarily removes the
user_idandtransaction(name) fields from the dynamic sampling context, meaning they will no longer propagated with outgoing requests via the baggage Http header or sent to sentry via thetraceenvelope header.We're taking this temporary measure to ensure that for the moment PII is not sent to third parties. Developer spec is update in getsentry/develop#631.