-
-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request and Response bodies for GraphQL errors #93
Conversation
|
||
- Do we need to send the GraphQL scheme to Sentry in order to do data scrubbing properly? | ||
- Should this feature be opt-in due to the size of the data and PII risk? | ||
- Should we send the Request and Response as different envelope items? (avoid the size limit) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See option 3 and 4.
|
||
# Unresolved questions | ||
|
||
- Do we need to send the GraphQL scheme to Sentry in order to do data scrubbing properly? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It'd require changes on sentry-cli, data scrubbing, etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably not, because the PII will be under variables
values per spec. and we can use that to match and strip out the PII data.
|
||
SDKs should discard large and binary bodies by default, using the [maxRequestBodySize](https://docs.sentry.io/platforms/android/configuration/options/#max-request-body-size) and `maxResponseBodySize` (it'll be added) options. | ||
|
||
The difference is that for GraphQL errors, this should be enabled by default. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we don't send the payload, the user won't have context about what has to be fixed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The other option is to manipulate the request and payload sent, for example, sending only the errors
of the response and the body without the variables
from the request, which requires serializing/deserializing the request and response of the client, this might add performance overhead as just sending it as it is, but it's an option.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How will we handle situations where partial data are returned with errors? Will we only send the errors to Sentry or the filtered data too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's still an error, https://www.notion.so/sentry/GraphQL-proposal-d6e5846f30434770903cf3af20bc2568?pvs=4#65c51cb28c1c421e8b3edd4f5fe2f427
I'll check during the implementation if there's a performance impact of serializing the error, extracting the non-required fields, etc.
@scefali @malwilley adding you to the loop since this change affects the FE for syntax highlight. |
text/0087-graphql-errors.md
Outdated
|
||
## Must have | ||
|
||
The fields `Request#data` and `Response#data` could contain PII and they should run data scrubbing agressively. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should consider allowing people to opt out of scrubbing. Often, the actual payload is the information needed to reproduce bugs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Data scrubbing rules are already possible in the project config, but not everything, we'd stick with what's in there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which project config? Are you talking about server-side scrubbing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, eg https://sentry-sdks.sentry.io/settings/projects/sentry-cocoa/security-and-privacy/
Scrubbing will be server-side, so if there's an option to enable/disable, it should be there.
People can also opt-in for SDK scrubbing using beforeSend
.
The event will likely need an identification either via |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm a bit confused by this RFC 🤔. The title is Request and Response bodies for GraphQL errors
, the summary describes
Add
Request
andResponse
body to events.
and the option 1 is about
adding a
data
field in the [Response]
I'm totally on board with option 1 to solve the problem for GraphQL errors. What I'm unsure about is if we also want to decide in this RFC
- if we should add request and response bodies to events (that's unclear to me)
- how to send GraphQL request and response data (I would assume we don't want to decide that in this PR)
Could you please help me 😄, @marandaneto?
|
||
[Session Replay](https://docs.sentry.io/platforms/javascript/guides/remix/session-replay/configuration/) already sends the request and response bodies, so we can use the same data scrubbing rules. | ||
|
||
Since GraphQL is a well defined spec, we can also scrub the GraphQL fields. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about only sending the fields we are sure about not containing any PII? Then we could turn this feature on by default and no scrubbing would be needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The downside is the performance impact of serializing on the client and duplicating all the data scrubbing logic in every SDK, hence focusing on Relay for PII.
It's also easier to roll out bug fixing on Relay.
It is a valid option though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll add it as a note.
Edit: it's part of the Unresolved questions already:
Should PII be scrubbed in the SDK instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doing it on every SDK is a downside, yes, but the logic for only selecting well-known fields shouldn't be that complicated. We could also move it to Relay if it is too complicated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
During the initial discussion, we opted for Relay to avoid duplication and an easy way of rolling out bug fixes as described in the message above, if it turns out to be super simple, and has no performance impact at all, we can evaluate it in the next iteration.
Unless there's a strong reason otherwise, Relay still should do PII on its own anyway.
Sending the request and response bodies to Sentry isn't optional, this is needed for the user to know what's the issue about, how to fix it, and have syntax highlight as well, so it's either doing this or not implementing this feature.
The goal as of now is to just send it as part of the |
Co-authored-by: Roman Zavarnitsyn <[email protected]>
In the RFC, you wrote
I am confused now, do we want to apply the same data scrubbing rules as for |
|
||
# Proposal (Option 1) | ||
|
||
The proposal is adding a `data` field in the [Response](https://develop.sentry.dev/sdk/event-payloads/types/#responsecontext) interface. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dart seems to use the key body
instead of data
: https://github.com/getsentry/sentry-dart/blob/7011abe27ac69bd160bdc6ecf3314974b8340b97/dart/lib/src/protocol/sentry_response.dart#L59
I think data
is better because it is consistent with Request
, but I wanted to point out the inconsistency.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, I can deprecate body
and add data
, both will serialize as data
anyway.
Co-authored-by: Joris Bayer <[email protected]>
The goal is that if the event isn't a GraphQL error, it should run data scrubbing for |
@marandaneto so you want to parse the graphql and iterate over its keys / values, and apply existing data scrubbing rules to those parsed items? If so, we definitely need a discriminator. I would put it inside the request / response, maybe an optional |
yes, that can be the mechanism as suggested here #93 (comment) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Describe your RFC briefly so that reviewers can quickly find out what
happens. Also please edit the "Rendered RFC" link so one can quickly
get to the rendered markdown file.
Rendered RFC