search

getsentry / sentry

Developer-first error tracking and performance monitoring
https://sentry.io
Other
37.23k stars 4k forks source link

CSP violation reports should attach to a trace #67050

Open ktosiek opened 2 months ago

ktosiek commented 2 months ago

Problem Statement

When working with CSP reports I don't get much context, which makes it hard to replicate the issue.

Solution Brainstorm

Adding a sentry_trace_id parameter to the security endpoint would help. This way a CSP report could be linked to other errors in the same trace. There are already sentry_environment and sentry_release parameters https://docs.sentry.io/product/security-policy-reporting/.

This could also be added to Sentry clients with CSP URL helpers (I think Ruby and PHP have something like that), to make the integration even more magical.

Product Area

Issues

getsantry[bot] commented 2 months ago

Assigning to @getsentry/support for routing ⏲️

ktosiek commented 2 months ago

Another related idea: allow other tags too (user.id or some tenant_id would be pretty helpful).

getsantry[bot] commented 2 months ago

Routing to @getsentry/product-owners-issues for triage ⏲️

jangjodi commented 2 months ago

Thank you for the suggestion! While this doesn't fall into our current initiatives, I will add it to our backlog.