Skip to content

ref: Expand scrubbing #6161

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sentrivana merged 3 commits into from
Apr 29, 2026

Merge branch 'master' into ivana/more-headers

660bd0a
Select commit
Loading
Failed to load commit list.
Merged

ref: Expand scrubbing #6161

Merge branch 'master' into ivana/more-headers
660bd0a
Select commit
Loading
Failed to load commit list.
@sentry/warden / warden: code-review completed Apr 28, 2026 in 37s

1 issue

code-review: Found 1 issue (1 low)

Low

New denylist entry uses hyphen while sibling entries use underscores - `sentry_sdk/scrubber.py:37`

The added entry "proxy-authorization" uses a hyphen, but other multi-word entries in DEFAULT_DENYLIST (e.g., x_api_key, x_csrftoken, x_forwarded_for, set_cookie) use underscores. Scrubbing matches keys via k.lower() in self.denylist (scrubber.py:116), so if request headers are normalized to underscore form (e.g., proxy_authorization) before scrubbing — as is common in WSGI environments — this entry will not match and the Proxy-Authorization header value could leak through unscrubbed.

Duration: 36.9s · Tokens: 99.2k in / 1.5k out · Cost: $0.29

View more details on @sentry/warden