Document and add sendDefaultPii: true to onboarding docs
#121
Comments
|
@HazAT I already see people blindly copying this, how about having the prop commented out by default? Something like this Sentry.init({
dsn: "DSN",
// Uncomment if you want to see request headers and IP for users
// Visit https://docs.sentry.io/platforms/javascript/sendDefaultPii for more info
// sendDefaultPii: true, |
|
I agree with @markushi. Even though you can argue that the code tells you in your face that it sends PII, plenty of developers will blindly copy this and then get angry once they see PII in Sentry. |
We have this project #82 which captures what you describe here, IMO it makes sense to do both in tandem |
|
Updated getsentry/sentry-cocoa#82 and this issue accordingly. |
How about putting this behind, default toggled off?
|
|
That's a great idea. @andreiborza, with your approach, I would argue default toggled on is OK. I think fewer people will miss the checkbox than the default value in the code. |
|
Let's please just add this line of code and comment and move on -> KISS Another button means more docs, more confusion, more questions The intention of this is to make it more obvious to our users what our SDKs can do and not make it more difficult. |
|
@HazAT, OK I will shut up now 😄 , and I accept the decision to add the line of code 👍 because of KISS. |
See getsentry/team-sdks#121 --------- Co-authored-by: Alex Krawiec <[email protected]>
…ippets (#84220) As part of getsentry/team-sdks#121 we want to add `send_default_pii=True` to all relevant onboarding snippets for better out-of-the-box debugability.
…ippets (#84220) As part of getsentry/team-sdks#121 we want to add `send_default_pii=True` to all relevant onboarding snippets for better out-of-the-box debugability.
…ippets (#84220) As part of getsentry/team-sdks#121 we want to add `send_default_pii=True` to all relevant onboarding snippets for better out-of-the-box debugability.
github-project-automation
bot
moved this to Needs Discussion
in Mobile & Cross Platform SDK
|
@HazAT should the line also be part of the wizard when we patch the Sentry.init into the user code? |
Description
Our approach is privacy first and we want to be transparent about that
sendDefaultPiiis not the best API since it hides a lot of functionality behind one flag we are probably revisiting this in the future.But until we have a better API, we want that
sendDefaultPii: truewill be added to the onboarding docs (in-product and docs) with a comment like:We know that what's not in onboarding docs is very hard to discover and the functionality provided by
sendDefaultPii: trueis something crucial for debugging your issues.Each SDK should link to the specific docs added in #82.
Why should we be doing this?
To make it very clear to our users that this option exists and they can change the behavior in case they have privacy concerns.
Why now?
Because we had [INC-984] and we should be more deliberate what we do
Notion Document(s)
Related DACI: https://www.notion.so/sentry/DACI-user-ip_address-auto-behind-sendDefaultPii-true-1818b10e4b5d802f8938e894fd0348d5
Stakeholder(s)
@HazAT
Team(s)
Mobile, Web Backend, Web Frontend, GDX
SDKs
SDKs
The text was updated successfully, but these errors were encountered: