Skip to content

fix(asgi): Gate query string and client IP behind send_default_pii #6501

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ericapisani wants to merge 2 commits into
base: master
Choose a base branch
from
+18 −10

fix

adc69e9
Select commit
Loading
Failed to load commit list.
Open

fix(asgi): Gate query string and client IP behind send_default_pii #6501

fix
adc69e9
Select commit
Loading
Failed to load commit list.
@sentry/warden / warden: code-review completed Jun 4, 2026 in 54s

1 issue

code-review: Found 1 issue (1 high)

High

`url.full` incorrectly gated behind `should_send_default_pii()`, suppressing it for all default users - `sentry_sdk/integrations/_asgi_common.py:124-131`

url.full is placed inside the should_send_default_pii() block alongside http.query, but _get_url() explicitly strips the query string (see its docstring: "without also including the querystring"), so the base URL is not PII and should always be captured. This causes url.full to be absent from all spans when PII is disabled, breaking standard OTel HTTP server span semantics for the majority of users.

⏱ 35.0s · 38.9k in / 3.4k out · $0.20

Annotations

Check failure on line 131 in sentry_sdk/integrations/_asgi_common.py

See this annotation in the file changed.

@sentry-warden sentry-warden / warden: code-review

`url.full` incorrectly gated behind `should_send_default_pii()`, suppressing it for all default users 

`url.full` is placed inside the `should_send_default_pii()` block alongside `http.query`, but `_get_url()` explicitly strips the query string (see its docstring: "without also including the querystring"), so the base URL is not PII and should always be captured. This causes `url.full` to be absent from all spans when PII is disabled, breaking standard OTel HTTP server span semantics for the majority of users.
View more details on @sentry/warden