From 064a74e5334eb25f2d4f80a6107b9a5a9dd017b0 Mon Sep 17 00:00:00 2001 From: Mattias Loverot Date: Wed, 3 Jul 2024 11:15:57 +0200 Subject: [PATCH] Allowed configuration of Sentry send_default_pii parameter. Also changed default value of send_default_pii to False to avoid sending sensitive data to Sentry. Closes #16802 --- docs/configuration/error-reporting.md | 11 +++++++++++ netbox/netbox/settings.py | 3 ++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/configuration/error-reporting.md b/docs/configuration/error-reporting.md index 8c3526dec..4423706d6 100644 --- a/docs/configuration/error-reporting.md +++ b/docs/configuration/error-reporting.md @@ -55,3 +55,14 @@ The sampling rate for transactions. Must be a value between 0 (disabled) and 1.0 !!! warning "Consider performance implications" A high sampling rate for transactions can induce significant performance penalties. If transaction reporting is desired, it is recommended to use a relatively low sample rate of 10% to 20% (0.1 to 0.2). + +--- + +## SENTRY_SEND_DEFAULT_PII + +Default: False (disabled) + +If this flag is enabled, certain personally identifiable information (PII) is added. + +!!! warning "Sensitive data" + If you enable this option, be aware that senstive data such as cookies and auth tokens will be logged. diff --git a/netbox/netbox/settings.py b/netbox/netbox/settings.py index 3a8e51e05..2721fd046 100644 --- a/netbox/netbox/settings.py +++ b/netbox/netbox/settings.py @@ -149,6 +149,7 @@ SENTRY_ENABLED = getattr(configuration, 'SENTRY_ENABLED', False) SENTRY_SAMPLE_RATE = getattr(configuration, 'SENTRY_SAMPLE_RATE', 1.0) SENTRY_TAGS = getattr(configuration, 'SENTRY_TAGS', {}) SENTRY_TRACES_SAMPLE_RATE = getattr(configuration, 'SENTRY_TRACES_SAMPLE_RATE', 0) +SENTRY_SEND_DEFAULT_PII = getattr(configuration, 'SENTRY_SEND_DEFAULT_PII', False) SESSION_COOKIE_NAME = getattr(configuration, 'SESSION_COOKIE_NAME', 'sessionid') SESSION_COOKIE_PATH = CSRF_COOKIE_PATH SESSION_COOKIE_SECURE = getattr(configuration, 'SESSION_COOKIE_SECURE', False) @@ -536,7 +537,7 @@ if SENTRY_ENABLED: release=VERSION, sample_rate=SENTRY_SAMPLE_RATE, traces_sample_rate=SENTRY_TRACES_SAMPLE_RATE, - send_default_pii=True, + send_default_pii=SENTRY_SEND_DEFAULT_PII, http_proxy=HTTP_PROXIES.get('http') if HTTP_PROXIES else None, https_proxy=HTTP_PROXIES.get('https') if HTTP_PROXIES else None )