feat: parse request body for outgoing http#1339
Conversation
ed9967f to
753d7fa
Compare
Semver Impact of This PR🟡 Minor (new features) 📋 Changelog PreviewThis is how your changes will appear in the changelog. New Features ✨
Bug Fixes 🐛
Internal Changes 🔧
🤖 This preview updates automatically when you update the PR. |
197f83e to
5b4b523
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 52c44a1. Configure here.
753d7fa to
8bd0126
Compare
dabeae6 to
aa6ad61
Compare
| if !dc.CollectCookies() { | ||
| continue | ||
| } | ||
| value = dc.FilterCookies(strings.Join(values, "; ")) |
There was a problem hiding this comment.
Bug: The logic for parsing Set-Cookie headers incorrectly joins multiple headers with "; " and then splits by ;, misinterpreting cookie attributes as cookie names.
Severity: MEDIUM
Suggested Fix
Instead of joining multiple Set-Cookie headers with a semicolon, they should be handled individually. Iterate through the values slice from the header map. For each value (which represents a full Set-Cookie string like session=secret; Path=/), call FilterCookies on it separately and append the results. This will prevent cookie attributes from being incorrectly split and parsed as cookie names.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.
Location: httpclient/sentryhttpclient.go#L210
Potential issue: When processing multiple `Set-Cookie` response headers, the code joins
them with `"; "` before parsing. Since individual `Set-Cookie` headers use semicolons to
separate attributes (e.g., `Path`, `HttpOnly`), the subsequent split by `;` in
`FilterCookies` and `parseKeyValueString` causes these attributes to be misinterpreted
as cookie names. This results in corrupted and incorrect
`http.response.header.set-cookie` data on the Sentry span for any standard server
response that includes cookie attributes.

Description
This adds request and response parsing for outgoing http client spans.
Issues
Changelog Entry Instructions
To add a custom changelog entry, uncomment the section above. Supports:
For more details: custom changelog entries
Reminders
feat:,fix:,ref:,meta:)Changelog Entry
ClientOptions.DataCollectionfor granular control over data collected by automatic instrumentation, replacing the broadSendDefaultPIIswitch.DataCollectioncan independently configure automaticuser.*population, cookies, request/response headers, HTTP bodies, and query parameters. When configured, it is the source of truth andSendDefaultPIIis ignored.DataCollectionkeep a best-effort mapping of the previousSendDefaultPIIbehavior. To opt in to the new defaults, pass an emptyDataCollectionand then restrict individual categories as needed.