Skip to content

fix(core): Don't gate user data for streamed spans at scope read time#20827

Merged
nicohrubec merged 1 commit into
developfrom
nh/senddefaultpii-user-data
May 12, 2026
Merged

fix(core): Don't gate user data for streamed spans at scope read time#20827
nicohrubec merged 1 commit into
developfrom
nh/senddefaultpii-user-data

Conversation

@nicohrubec
Copy link
Copy Markdown
Member

@nicohrubec nicohrubec commented May 12, 2026
edited
Loading

User data should be gated at write time where it is put on the scope. If data makes it onto the scope we should not gate anymore so that if a user explicitly calls for instance Sentry.setUser() the data is set on the span (which is expected since the user made an explicit decision to include this).

Closes #20825

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2026

size-limit report 📦

Path Size % Change Change
@sentry/browser 26.84 kB - -
@sentry/browser - with treeshaking flags 25.28 kB - -
@sentry/browser (incl. Tracing) 44.73 kB - -
@sentry/browser (incl. Tracing + Span Streaming) 46.72 kB -0.03% -12 B 🔽
@sentry/browser (incl. Tracing, Profiling) 49.73 kB - -
@sentry/browser (incl. Tracing, Replay) 84.38 kB - -
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags 73.81 kB - -
@sentry/browser (incl. Tracing, Replay with Canvas) 89.08 kB - -
@sentry/browser (incl. Tracing, Replay, Feedback) 101.71 kB - -
@sentry/browser (incl. Feedback) 44.03 kB - -
@sentry/browser (incl. sendFeedback) 31.66 kB - -
@sentry/browser (incl. FeedbackAsync) 36.77 kB - -
@sentry/browser (incl. Metrics) 27.93 kB - -
@sentry/browser (incl. Logs) 28.08 kB - -
@sentry/browser (incl. Metrics & Logs) 28.75 kB - -
@sentry/react 28.59 kB - -
@sentry/react (incl. Tracing) 47.01 kB - -
@sentry/vue 31.75 kB - -
@sentry/vue (incl. Tracing) 46.59 kB - -
@sentry/svelte 26.86 kB - -
CDN Bundle 29.24 kB - -
CDN Bundle (incl. Tracing) 47.14 kB -0.03% -14 B 🔽
CDN Bundle (incl. Logs, Metrics) 30.61 kB - -
CDN Bundle (incl. Tracing, Logs, Metrics) 48.27 kB -0.03% -10 B 🔽
CDN Bundle (incl. Replay, Logs, Metrics) 69.94 kB - -
CDN Bundle (incl. Tracing, Replay) 84.53 kB -0.03% -18 B 🔽
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) 85.6 kB -0.03% -19 B 🔽
CDN Bundle (incl. Tracing, Replay, Feedback) 90.34 kB -0.02% -18 B 🔽
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) 91.44 kB -0.03% -20 B 🔽
CDN Bundle - uncompressed 85.99 kB - -
CDN Bundle (incl. Tracing) - uncompressed 141.44 kB -0.02% -27 B 🔽
CDN Bundle (incl. Logs, Metrics) - uncompressed 90.18 kB - -
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed 144.9 kB -0.02% -27 B 🔽
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed 215.01 kB - -
CDN Bundle (incl. Tracing, Replay) - uncompressed 260.15 kB -0.02% -27 B 🔽
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed 263.6 kB -0.02% -27 B 🔽
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 273.85 kB -0.01% -27 B 🔽
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed 277.28 kB -0.01% -27 B 🔽
@sentry/nextjs (client) 49.52 kB - -
@sentry/sveltekit (client) 45.23 kB - -
@sentry/node-core 60.83 kB - -
@sentry/node 165.97 kB -0.01% -2 B 🔽
@sentry/node - without tracing 73.95 kB -0.01% -5 B 🔽
@sentry/aws-serverless 108.06 kB -0.01% -5 B 🔽
@sentry/cloudflare (withSentry) - minified 170.63 kB -0.02% -27 B 🔽
@sentry/cloudflare (withSentry) 430.41 kB -0.02% -61 B 🔽

View base workflow run

@nicohrubec nicohrubec marked this pull request as ready for review May 12, 2026 12:10
@nicohrubec
Copy link
Copy Markdown
Member Author

nicohrubec commented May 12, 2026

@cursor review

cursor[bot]
cursor Bot reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit c723d61. Configure here.

@nicohrubec nicohrubec requested a review from chargome May 12, 2026 12:28
@nicohrubec nicohrubec changed the title fix(core): Don't gate user data for streamed paths at scope read time fix(core): Don't gate user data for streamed spans at scope read time May 12, 2026
chargome
chargome approved these changes May 12, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@chargome chargome left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally looks good according to the spec, but did you double check that all auto-instrumentation gates writing to the scope (the spec is still in draft atm)? Otherwise this would now leak PII

@nicohrubec
Copy link
Copy Markdown
Member Author

nicohrubec commented May 12, 2026

@chargome yes, should be good

@nicohrubec nicohrubec merged commit 6a7d179 into develop May 12, 2026
268 checks passed
@nicohrubec nicohrubec deleted the nh/senddefaultpii-user-data branch May 12, 2026 14:01
@sentry-release-bot sentry-release-bot Bot mentioned this pull request May 12, 2026
Open
47 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@chargome chargome chargome approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Streamed spans gate user attributes on sendDefaultPii at scope read time

2 participants

@nicohrubec @chargome