
Cookies are being sent in an error-report by default in Express app


Is there an existing issue for this?

How do you use Sentry?

Self-hosted/on-premise

Which package are you using?

@sentry/node

SDK Version

7.7.0

Framework Version

7.7.0

Link to Sentry event

No response

Steps to Reproduce

Using @sentry/node, Sentry.Handlers.requestHandler does not, by default, clean up the cookie sent in the headers from an Express-based app.

We are using a React app with an Express server dealing with SSR. In case of SSR errors, @sentry/node is being used for handling errors. According to the documentation, passing this options object: { request: ['headers', 'method', 'query_string', 'url'] } in Sentry.Handlers.requestHandler will NOT include cookies in the payload with an error event sent to Sentry. In our case it does, and Sentry parses it as if we had actually passed the ‘cookies’ key into the options.request array.

Here is code to reproduce this in a basic express-app:

const Sentry = require('@sentry/node');
const app = require('express')();
const port = 3000;

Sentry.init({
  dsn: DSN_KEY,
  autoSessionTracking: false,
  release: RELEASE,
  beforeSend(event) {
    console.log(event); // Will have cookie prop in the headers.
    return event; // beforeSend must return the event (or null to drop it)
  },
});

app.use(Sentry.Handlers.requestHandler({
  request: ['headers', 'method', 'query_string', 'url'],
}));

app.get('/', (req, res) => {
  throw new Error('pep, an error');
  res.send('Hello World!');
});

app.use(Sentry.Handlers.errorHandler({
  shouldHandleError() {
    return true;
  },
}));

app.listen(port, () => {
  console.log(`Example app listening on port ${port}`);
});

Expected Result

Not passing the ‘cookies’ key in the options.request array will clean up cookies from the headers.

Actual Result

While not passing the ‘cookies’ key in options.request, we still get cookies in the reports being sent to Sentry.

Issue Analytics

  • State: closed
  • Created a year ago
  • Reactions: 3
  • Comments: 5 (4 by maintainers)

Top GitHub Comments

1 reaction
Lms24 commented, Jul 27, 2022

Hi @ozerovs, thanks for writing in! We had a quick look at this issue and there might be something wrong on our end. We still need to look into it in greater detail. Backlogging this for now - thanks for reporting!

0 reactions
Lms24 commented, Oct 6, 2022

This was auto-closed by GH after merging the PR. Let me know if this PR doesn’t entirely solve your issue (see my comment above) then I’ll reopen this issue. We’ll release this in the next patch.
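
A mitigation that does not depend on the requestHandler options discussed in this issue is to strip cookie data from every event before it leaves the process. The following is an added example, not part of the original issue and not Sentry's own code; the `scrubCookies` name, the `COOKIE_HEADERS` list and the sample event are assumptions of this example.

```javascript
// Added example: defense-in-depth scrubber for Sentry events (not SDK code).
// Header names treated as cookie-bearing; this list is the example's assumption.
const COOKIE_HEADERS = new Set(['cookie', 'set-cookie']);

// Returns a copy of the event with cookie data removed from event.request.
// Intended to be passed as `beforeSend` in Sentry.init().
function scrubCookies(event) {
  if (!event || !event.request) return event;
  const request = { ...event.request };

  // Parsed cookies, present when the 'cookies' key is extracted.
  delete request.cookies;

  // Raw cookies travel inside headers; HTTP header names are case-insensitive.
  if (request.headers && typeof request.headers === 'object') {
    request.headers = Object.fromEntries(
      Object.entries(request.headers)
        .filter(([name]) => !COOKIE_HEADERS.has(name.toLowerCase()))
    );
  }
  return { ...event, request };
}

// Constructed sample event, shaped like the one logged in the reproduction.
const sampleEvent = {
  message: 'pep, an error',
  request: {
    method: 'GET',
    url: 'http://localhost:3000/',
    headers: { host: 'localhost:3000', Cookie: 'session=constructed-value' },
    cookies: { session: 'constructed-value' },
  },
};

console.log(JSON.stringify(scrubCookies(sampleEvent).request, null, 2));
```

Wired in as `beforeSend: scrubCookies` in `Sentry.init`, it runs on every error event regardless of which keys the request handler extracts.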
