From 85ab572d9e4bbdc4b1b7d30cd16877a9852f89db Mon Sep 17 00:00:00 2001
From: ikorihn <16367098+ikorihn@users.noreply.github.com>
Date: Sun, 8 Jan 2023 23:37:45 +0900
Subject: [PATCH 1/2] feat: When ClientOptions.SendDefaultPii is false, send http headers without sensitive headers (#523)
---
 fasthttp/sentryfasthttp_test.go | 1 -
 http/sentryhttp_test.go | 1 -
 interfaces.go | 50 +++++++++++++++++---------------
 interfaces_test.go | 6 +++-
 4 files changed, 31 insertions(+), 27 deletions(-)
diff --git a/fasthttp/sentryfasthttp_test.go b/fasthttp/sentryfasthttp_test.go
index 3ee8b6667..6f40fd86c 100644
--- a/fasthttp/sentryfasthttp_test.go
+++ b/fasthttp/sentryfasthttp_test.go
@@ -142,7 +142,6 @@ func TestIntegration(t *testing.T) {
 eventsCh := make(chan *sentry.Event, len(tests))
 err := sentry.Init(sentry.ClientOptions{
- SendDefaultPII: true,
 BeforeSend: func(event *sentry.Event, hint *sentry.EventHint) *sentry.Event {
 eventsCh <- event
 return event
diff --git a/http/sentryhttp_test.go b/http/sentryhttp_test.go
index 2d97ce8bd..2602223c1 100644
--- a/http/sentryhttp_test.go
+++ b/http/sentryhttp_test.go
@@ -156,7 +156,6 @@ func TestIntegration(t *testing.T) {
 eventsCh := make(chan *sentry.Event, len(tests))
 err := sentry.Init(sentry.ClientOptions{
- SendDefaultPII: true,
 BeforeSend: func(event *sentry.Event, hint *sentry.EventHint) *sentry.Event {
 eventsCh <- event
 return event
diff --git a/interfaces.go b/interfaces.go
index 0d20ba397..9af1ce0e9 100644
--- a/interfaces.go
+++ b/interfaces.go
@@ -165,35 +165,23 @@ func NewRequest(r *http.Request) *Request {
 }
 url := fmt.Sprintf("%s://%s%s", protocol, r.Host, r.URL.Path)
+ sendDefaultPii := CurrentHub().Client() != nil && CurrentHub().Client().Options().SendDefaultPII
+
 var cookies string
 var env map[string]string
- headers := map[string]string{}
-
- if client := CurrentHub().Client(); client != nil {
- if client.Options().SendDefaultPII {
- // We read only the first Cookie header because of the specification:
- // https://tools.ietf.org/html/rfc6265#section-5.4
- // When the user agent generates an HTTP request, the user agent MUST NOT
- // attach more than one Cookie header field.
- cookies = r.Header.Get("Cookie")
-
- for k, v := range r.Header {
- headers[k] = strings.Join(v, ",")
- }
-
- if addr, port, err := net.SplitHostPort(r.RemoteAddr); err == nil {
- env = map[string]string{"REMOTE_ADDR": addr, "REMOTE_PORT": port}
- }
- }
- } else {
- sensitiveHeaders := getSensitiveHeaders()
- for k, v := range r.Header {
- if _, ok := sensitiveHeaders[k]; !ok {
- headers[k] = strings.Join(v, ",")
- }
+ if sendDefaultPii {
+ // We read only the first Cookie header because of the specification:
+ // https://tools.ietf.org/html/rfc6265#section-5.4
+ // When the user agent generates an HTTP request, the user agent MUST NOT
+ // attach more than one Cookie header field.
+ cookies = r.Header.Get("Cookie")
+
+ if addr, port, err := net.SplitHostPort(r.RemoteAddr); err == nil {
+ env = map[string]string{"REMOTE_ADDR": addr, "REMOTE_PORT": port}
 }
 }
+ headers := filterHeaders(r.Header, sendDefaultPii)
 headers["Host"] = r.Host
 return &Request{
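Review bot: With a client bound and `SendDefaultPII` off, the removed code attached no request headers besides `Host`; the new `filterHeaders(r.Header, sendDefaultPii)` call forwards every header that is not in `getSensitiveHeaders()`, so the no-PII guarantee now rests entirely on a denylist. That list is defined outside this diff, and the visible part of the no-PII test only shows `Cookie`, `X-Forwarded-For` and `X-Real-Ip` being dropped, so application-specific credential headers (API-key or session-token style) would presumably be sent by default. This should be documented where users decide on the option, and on the helper added in the second interfaces.go hunk, e.g. `// filterHeaders drops only the headers listed by getSensitiveHeaders when sendDefaultPii is false; every other header is forwarded.` As a style point, Go initialism casing would name the local `sendDefaultPII`. NewRequest starts and ends outside the hunk.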
@@ -206,6 +194,20 @@ func NewRequest(r *http.Request) *Request {
 }
 }
+func filterHeaders(header http.Header, sendDefaultPii bool) map[string]string {
+ headers := map[string]string{}
+
+ sensitiveHeaders := getSensitiveHeaders()
+ for k, v := range header {
+ _, sensitive := sensitiveHeaders[k]
+ if sendDefaultPii || !sensitive {
+ headers[k] = strings.Join(v, ",")
+ }
+ }
+
+ return headers
+}
+
 // Exception specifies an error that occurred.
 type Exception struct {
 Type string `json:"type,omitempty"` // used as the main issue title
diff --git a/interfaces_test.go b/interfaces_test.go
index 79014e34b..092e67555 100644
--- a/interfaces_test.go
+++ b/interfaces_test.go
@@ -80,6 +80,7 @@ func TestNewRequest(t *testing.T) {
 r.Header.Add("Cookie", "foo=bar")
 r.Header.Add("X-Forwarded-For", "127.0.0.1")
 r.Header.Add("X-Real-Ip", "127.0.0.1")
+ r.Header.Add("Some-Header", "some-header value")
 got := NewRequest(r)
 want := &Request{
@@ -94,6 +95,7 @@ func TestNewRequest(t *testing.T) {
 "Host": "example.com",
 "X-Forwarded-For": "127.0.0.1",
 "X-Real-Ip": "127.0.0.1",
+ "Some-Header": "some-header value",
 },
 Env: map[string]string{
 "REMOTE_ADDR": "192.0.2.1",
@@ -112,6 +114,7 @@ func TestNewRequestWithNoPII(t *testing.T) {
 r.Header.Add("Cookie", "foo=bar")
 r.Header.Add("X-Forwarded-For", "127.0.0.1")
 r.Header.Add("X-Real-Ip", "127.0.0.1")
+ r.Header.Add("Some-Header", "some-header value")
 got := NewRequest(r)
 want := &Request{
@@ -121,7 +124,8 @@ func TestNewRequestWithNoPII(t *testing.T) {
 QueryString: "q=sentry",
 Cookies: "",
 Headers: map[string]string{
- "Host": "example.com",
+ "Host": "example.com",
+ "Some-Header": "some-header value",
 },
 Env: nil,
 }
From de5abacf7efd188912cb5808767063459b8ed398 Mon Sep 17 00:00:00 2001
From: ikorihn <16367098+ikorihn@users.noreply.github.com>
Date: Tue, 10 Jan 2023 13:53:06 +0900
Subject: [PATCH 2/2] ref: Set headers inside client check (#523)
---
 interfaces.go | 32 ++++++++++++++------------------
 1 file changed, 14 insertions(+), 18 deletions(-)
diff --git a/interfaces.go b/interfaces.go
index 9af1ce0e9..8b0d06621 100644
--- a/interfaces.go
+++ b/interfaces.go
@@ -165,23 +165,33 @@ func NewRequest(r *http.Request) *Request {
 }
 url := fmt.Sprintf("%s://%s%s", protocol, r.Host, r.URL.Path)
- sendDefaultPii := CurrentHub().Client() != nil && CurrentHub().Client().Options().SendDefaultPII
-
 var cookies string
 var env map[string]string
- if sendDefaultPii {
+ headers := map[string]string{}
+
+ if client := CurrentHub().Client(); client != nil && client.Options().SendDefaultPII {
 // We read only the first Cookie header because of the specification:
 // https://tools.ietf.org/html/rfc6265#section-5.4
 // When the user agent generates an HTTP request, the user agent MUST NOT
 // attach more than one Cookie header field.
 cookies = r.Header.Get("Cookie")
+ for k, v := range r.Header {
+ headers[k] = strings.Join(v, ",")
+ }
+
 if addr, port, err := net.SplitHostPort(r.RemoteAddr); err == nil {
 env = map[string]string{"REMOTE_ADDR": addr, "REMOTE_PORT": port}
 }
+ } else {
+ sensitiveHeaders := getSensitiveHeaders()
+ for k, v := range r.Header {
+ if _, ok := sensitiveHeaders[k]; !ok {
+ headers[k] = strings.Join(v, ",")
+ }
+ }
 }
- headers := filterHeaders(r.Header, sendDefaultPii)
 headers["Host"] = r.Host
 return &Request{
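Review bot: The lookup `sensitiveHeaders[k]` in the new `else` branch is an exact, case-sensitive match on the raw map key. Keys parsed by net/http arrive canonicalised, but `http.Header` is a plain map, so a key written directly by middleware in another casing would miss the filter and be sent with PII disabled; this assumes `getSensitiveHeaders()`, defined outside this diff, uses canonical keys. Normalising at the lookup closes the gap: `if _, ok := sensitiveHeaders[http.CanonicalHeaderKey(k)]; !ok {`. The `else` now covers both "no client bound" and "client with SendDefaultPII off", which deserves a comment such as `// No client, or PII disabled: forward headers minus the sensitive set.` NewRequest starts and ends outside the hunk.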
@@ -194,20 +204,6 @@ func NewRequest(r *http.Request) *Request {
 }
 }
-func filterHeaders(header http.Header, sendDefaultPii bool) map[string]string {
- headers := map[string]string{}
-
- sensitiveHeaders := getSensitiveHeaders()
- for k, v := range header {
- _, sensitive := sensitiveHeaders[k]
- if sendDefaultPii || !sensitive {
- headers[k] = strings.Join(v, ",")
- }
- }
-
- return headers
-}
-
 // Exception specifies an error that occurred.
 type Exception struct {
 Type string `json:"type,omitempty"` // used as the main issue title