Network trafic with user consent revoked

[bgedzior-logi]

In our project we currently use sentry native version 0.7.17. In some scenarios we allow crash reporting to the online repository, however in some cases we use it only fo local dumps collection. Is such case we use:

sentry_options_set_require_user_consent(options, true);
and
sentry_user_consent_revoke()

Even though, on closing every session, in Wireshark we see packets sent to 34.120.195.249.
This is unacceptable in our use case, we don't want any network traffic.

I was able to workaround it by simply setting an empty dsn, however, I'm concerned about possible additional traffic to other ips.

Does someone know if settings empty dsn is sufficient to supress any network traffic caused by sentry, or is there any option to make sentry explicitly 'silent'?

[supervacuus]

Even though, on closing every session, in Wireshark we see packets sent to 34.120.195.249.
This is unacceptable in our use case, we don't want any network traffic.

This shouldn't be the case. If the user-consent was correctly revoked, any envelope, regardless of whether it was a session or an event, should be dropped. Can you provide a minimal repro that shows this? Remember that sentry_user_consent_revoke() must be called after sentry_init().

I was able to workaround it by simply setting an empty dsn, however, I'm concerned about possible additional traffic to other ips.

There is no traffic other than to the URL encoded in your DSN. That is certainly an option if you never want to send anything to Sentry.

[bgedzior-logi]

Thank you for the reply.

Remember that sentry_user_consent_revoke() must be called after sentry_init().

I know, this is the way I do it.

Can you provide a minimal repro that shows this?

Yes, I'll try to do it.

There is no traffic other than to the URL encoded in your DSN. That is certainly an option if you never want to send anything to Sentry.

That's good to know. It aligns with my Wireshark tests.

Thanks once again for your time.

[bgedzior-logi]

I tried to make an example, and I must admit that I was wrong, when user content is revoked there's indeed no outgoing traffic. My mistake was caused by GUI thread that also was using sentry and interfered with my tests.

However, I discovered other thing. If you run sequence: sentry_init() -> sentry_close() -> sentry_init() you end up with two crashpad_handler processes running. Is it intended? Minimum reproducible example attached.

sentry-example.zip

[supervacuus]

I tried to make an example, and I must admit that I was wrong, when user content is revoked there's indeed no outgoing traffic.

Great!

However, I discovered other thing. If you run sequence: sentry_init() -> sentry_close() -> sentry_init() you end up with two crashpad_handler processes running. Is it intended? Minimum reproducible example attached.

This is a side effect of Crashpad not having a shutdown procedure, as it is intended to run until the process is stopped. There is no concept in crashpad of a client that could shut down the handler. The handler is entirely on its own and only triggered by whatever the kernel delivers over the exception port (the behavior is similar on the other platforms, even though there the handler typically receives crashes from the client).