Data handling is the standardized context in how we want SDKs help users filter data.
In older SDKs you might sometimes see elaborate constructs to allow the user to strip away sensitive data. Newer SDKs no longer have this feature as it turned out to be too hard to maintain per-SDK. Instead, only two simple config options are left:
send-default-pii is disabled by default, meaning that data that is naturally sensitive is not sent by default. That means, for example:
When attaching HTTP requests to events, "raw" bodies (bodies which cannot be parsed as JSON or formdata) are removed, and known sensitive headers such as
Cookiesare removed too.
User-specific information (e.g. the current user ID according to the used webframework) is not sent at all.
Note that if a user explicitly sets a request on the scope, nothing is stripped from that request. The above rules only apply to integrations that come with the SDK.
before-send can be used to register a callback with custom logic to remove sensitive data.
Fields in the event payload that allow user-specified or dynamic values are restricted in size. This applies to most meta data fields, such as variables in a stack trace, as well as contexts, tags and extra data:
- Mappings of values (such as HTTP data, extra data, etc) are limited to 50 item pairs.
- Event IDs are limited to 36 characters and must be valid UUIDs.
- Tag keys are limited to 32 characters.
- Tag values are limited to 200 characters.
- Culprits are limited to 200 characters.
- Context objects are limited to 8kB.
- Extra data is limited to 16kB.
- Messages are limited to 8192 characters.
- HTTP data (the body) is limited to 8kB. Always trim HTTP data before attaching it to the event.
- Stack traces are limited to 50 frames. If more are sent, data will be removed from the middle of the stack.
Additionally, size limits apply to all store requests for the total size of the request, event payload, and attachments. Sentry rejects all requests exceeding these limits. Please refer the following resources for the exact size limits: