Skip to content

fix(asgi): Gate query string and client IP behind send_default_pii #6501

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ericapisani wants to merge 2 commits into
base: master
Choose a base branch
from
+18 −10

fix

adc69e9
Select commit
Loading
Failed to load commit list.
Open

fix(asgi): Gate query string and client IP behind send_default_pii #6501

fix
adc69e9
Select commit
Loading
Failed to load commit list.
@sentry/warden / warden: find-bugs completed Jun 4, 2026 in 1m 4s

1 issue

find-bugs: Found 1 issue (1 medium)

Medium

`url.full` (URL without query string) incorrectly gated behind `should_send_default_pii()` - `sentry_sdk/integrations/_asgi_common.py:124-131`

url.full is the base URL path with no query string — _get_url() docstring says it builds the URL "without also including the querystring" — so gating it behind should_send_default_pii() silently drops the request URL from all ASGI traces when PII is disabled, breaking basic HTTP observability.

⏱ 46.6s · 80.2k in / 4.4k out · $0.23

Annotations

Check warning on line 131 in sentry_sdk/integrations/_asgi_common.py

See this annotation in the file changed.

@sentry-warden sentry-warden / warden: find-bugs

`url.full` (URL without query string) incorrectly gated behind `should_send_default_pii()` 

`url.full` is the base URL path with no query string — `_get_url()` docstring says it builds the URL "without also including the querystring" — so gating it behind `should_send_default_pii()` silently drops the request URL from all ASGI traces when PII is disabled, breaking basic HTTP observability.
View more details on @sentry/warden