fix(node): Compression headers leak between requests #5203

timfish · 2022-06-03T08:16:25Z

#5139 introduced a subtle bug where options.headers was modified which causes headers to leak between requests. This means requests after a compressed request will be incorrectly marked with content-encoding: gzip.

lforst

Nice thanks!

timfish · 2022-06-03T08:26:46Z

This took me so long to work out what was going on and I found it after telling Abhi the PR was good to go...

I'm trying to think how we can make bugs like this less likely. Making the options ReadOnly would have stopped this as options should be immutable?

lforst · 2022-06-03T08:47:17Z

Yup. Thought exactly the same thing. readonly would have caught this. I'll bounce this off the rest of the team and create an issue for it if we think it's a good idea.

timfish · 2022-06-03T09:06:32Z

At a minimum we could make the parameters in transports Readonly<T>.

export function makeNodeTransport(options: Readonly<NodeTransportOptions>): Transport {

We can't make transportOptions on the client options readonly because of this:

sentry-javascript/packages/node/src/client.ts

Lines 36 to 40 in 409f8fd

    
           // Until node supports global TextEncoder in all versions we support, we are forced to pass it from util 
        
           options.transportOptions = { 
        
             textEncoder: new TextEncoder(), 
        
             ...options.transportOptions, 
        
           };

lforst · 2022-06-03T09:18:44Z

I think we could rewrite the constructor of the clients so that it passes a new options object to super instead of a modified one. But yeah bare minimum we could make the node transport options readonly. I believe it's generally good practice to make as much readonly as possible.

@timfish

Note: This is an exact duplicate of #5139 and #5203, both originally by @timfish, which accidentally got merged into the 7.x branch rather than master. #5139: This is mostly stolen straight from the [Electron transport](https://github.com/getsentry/sentry-electron/blob/master/src/main/transports/electron-net.ts). This will help with attachments! #5203: #5139 introduced a subtle bug where `options.headers` was modified which causes headers to leak between requests. This means requests after a compressed request will be incorrectly marked with `content-encoding: gzip`.

Fix leaky headers

5c0c669

lforst approved these changes Jun 3, 2022

View reviewed changes

lforst merged commit f755bb3 into getsentry:7.x Jun 3, 2022

lobsterkatie mentioned this pull request Jun 4, 2022

feat(node): Compression support for http transport #5209

Merged

lobsterkatie pushed a commit that referenced this pull request Jun 4, 2022

fix(node): Compression headers leak between requests (#5203)

51e4c0c

lforst mentioned this pull request Jun 10, 2022

Pass SDK options down as readonly #5248

Closed

timfish deleted the fix/compression-headers branch October 5, 2022 09:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(node): Compression headers leak between requests #5203

fix(node): Compression headers leak between requests #5203

timfish commented Jun 3, 2022

lforst left a comment

timfish commented Jun 3, 2022

lforst commented Jun 3, 2022

timfish commented Jun 3, 2022 •

edited

Loading

lforst commented Jun 3, 2022

fix(node): Compression headers leak between requests #5203

fix(node): Compression headers leak between requests #5203

Conversation

timfish commented Jun 3, 2022

lforst left a comment

Choose a reason for hiding this comment

timfish commented Jun 3, 2022

lforst commented Jun 3, 2022

timfish commented Jun 3, 2022 • edited Loading

lforst commented Jun 3, 2022

timfish commented Jun 3, 2022 •

edited

Loading