withSentry in nextjs can not be configured to scrub cookies (sensitive data)

[wereHamster]

Problem Statement

All I want is to scrub certain (or all) cookies from the events sent to Sentry. Basic data scrubbing of sensitive fields.

The beforeSend hook is never called. Don't know why, but I saw in the code that the beforeSend hook is not called when the event type is transaction, and all events I see go through the sentry code are transactions.

I'm using withSentry from the @sentry/nextjs package, which internally calls parseRequest that's responsible for extracting the relevant sensitive data from the request. The parseRequest function accepts (optional) options, that AFAICS can be used to limit what keys are extracted from the request (defaults include cookies). The withSentry function however does not allow passing any options to parseRequest.

Solution Brainstorm

Allow options to be passed to withSentry to allow it to override what keys are extracted by extractRequestData. The requestHandler function can be configured in such a way, for example.

Or provide a hook that's called on /all/ events before they are sent to Sentry, not just some.

[lobsterkatie]

Hi, @wereHamster.

Thanks for bringing this up. We'll chat as a team to see how we best want to handle this. In the meantime, as a workaround, you can add an event processor, and it'll work just like beforeSend, except that it will run on both error and transaction events:

Sentry.addGlobalEventProcessor(event => {
  // make any changes to event data that you'd like here
  return event;
});

The one drawback is that in order to make sure that the processor runs after parseRequest, you'll need to call this inside your route handler.

[wereHamster]

Do I really have to do it for each request? Can't I call addGlobalEventProcessor just after Sentry.init() ?