You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: develop-docs/sdk/expected-features/data-handling.mdx
+22-11Lines changed: 22 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,24 +13,21 @@ In the event that API returns data considered PII, we guard that behind a flag c
13
13
This is an option in the SDK called [_send-default-pii_](https://docs.sentry.io/platforms/python/configuration/options/#send-default-pii)
14
14
and is **disabled by default**. That means that data that is naturally sensitive is not sent by default.
15
15
16
-
Handling sensitive data in the SDK regardless of the `send_default_pii` setting:
16
+
Certain sensitive data must never been sent by the SDK, regardless of any config:
17
17
18
-
- HTTP Headers: The keys of known sensitive headers (such as `Authorization` or `Cookie`) are added, while their values must be replaced with `"[Filtered]"`.
18
+
- HTTP Headers: The keys of known sensitive headers are added, while their values must be replaced with `"[Filtered]"`.
19
+
- The SDK performs a **partial, case-insensitive match** against the following headers to determine if they are sensitive: `["auth", "token", "secret", "password", "passwd", "key", "jwt", "bearer", "sso", "saml", "crsf", "xsrf", "credentials"]`
19
20
20
-
<Expandabletitle="List of sensitive HTTP headers">
21
-
22
-
The SDK performs a **partial, case-insensitive match** against the following headers to determine if they are sensitive:
SDKs should only replace sensitive data with `"[Filtered]"` when the data is gathered automatically through instrumentation.
22
+
If a user explicitly provides data (for example, by setting a request object on the scope), the SDK must not modify it.
27
23
28
24
Some examples of data guarded by `send_default_pii: false`:
29
25
30
26
- When attaching data of HTTP requests and/or responses to events
31
-
- Request Body: "raw" HTTP bodies (bodies which cannot be parsed as JSON or formdata) are removed
27
+
- Request Body: "raw" HTTP bodies (bodies which cannot be parsed as JSON or FormData) are removed
28
+
- HTTP Headers: header values, containing information about the user are replaced with `"[Filtered]"`
32
29
-_Note_ that if a user explicitly sets a request on the scope, nothing is stripped from that request. The above rules only apply to integrations that come with the SDK.
33
-
- User-specific information (e.g. the current user ID according to the used web-framework) is not sent at all.
30
+
- User-specific information (e.g. the current user ID according to the used web-framework) is not collected and therefore not sent at all.
34
31
- On desktop applications
35
32
- The username logged in the device is not included. This is often a person's name.
36
33
- The machine name is not included, for example `Bruno's laptop`
@@ -44,6 +41,20 @@ Before sending events to Sentry, the SDKs should invokes callbacks. That allows
44
41
45
42
-[`before-send` and `event-processors`](/sdk/miscellaneous/unified-api/#static-api) can be used to register a callback with custom logic to remove sensitive data.
46
43
44
+
### Cookies
45
+
46
+
Since cookies can contain a mix of sensitive and non-sensitive data, SDKs should parse the cookie header and filter values on a per-key basis, depending on the SDK setting and the sensitivity of the cookie value.
47
+
In case, the SDK cannot parse each cookie key-value pair, the entire cookie header must be replaced with `"[Filtered]"`. An unfiltered, raw cookie header value must never be sent.
48
+
49
+
This selective filtering prevents capturing sensitive data while retaining harmless contextual information for debugging.
50
+
For example, a sensitive session cookie's value is replaced with "[Filtered]", but a non-sensitive theme cookie can be sent as-is.
51
+
52
+
When attached as span attributes, the results should be as follows:
-`http.request.header.cookie: "[Filtered]"` (Used as a fallback if the cookie header cannot be parsed)
57
+
47
58
### Application State
48
59
49
60
App state can be critical to help developers reproduce bugs. For that reason, SDKs often collect app state and append to events through auto instrumentation.
0 commit comments