diff --git a/packages/node/src/requestdata.ts b/packages/node/src/requestdata.ts index 0b3ab735d05d..8df2e4558a76 100644 --- a/packages/node/src/requestdata.ts +++ b/packages/node/src/requestdata.ts @@ -174,6 +174,12 @@ export function extractRequestData( switch (key) { case 'headers': { requestData.headers = headers; + + // Remove the Cookie header in case cookie data should not be included in the event + if (!include.includes('cookies')) { + delete (requestData.headers as { cookie?: string }).cookie; + } + break; } case 'method': { diff --git a/packages/node/test/requestdata.test.ts b/packages/node/test/requestdata.test.ts index 9008aff782f6..9c79f2cd59bd 100644 --- a/packages/node/test/requestdata.test.ts +++ b/packages/node/test/requestdata.test.ts @@ -298,6 +298,37 @@ describe.each([oldExtractRequestData, newExtractRequestData])( }); }); + describe('headers', () => { + it('removes the `Cookie` header from requestdata.headers, if `cookies` is not set in the options', () => { + const mockReq = { + cookies: { foo: 'bar' }, + headers: { cookie: 'foo=bar', otherHeader: 'hello' }, + }; + const optionsWithCookies = ['headers']; + + const [req, options] = formatArgs(fn, mockReq, optionsWithCookies); + + expect(fn(req, options as any)).toStrictEqual({ + headers: { otherHeader: 'hello' }, + }); + }); + + it('includes the `Cookie` header in requestdata.headers, if `cookies` is not set in the options', () => { + const mockReq = { + cookies: { foo: 'bar' }, + headers: { cookie: 'foo=bar', otherHeader: 'hello' }, + }; + const optionsWithCookies = ['headers', 'cookies']; + + const [req, options] = formatArgs(fn, mockReq, optionsWithCookies); + + expect(fn(req, options as any)).toStrictEqual({ + headers: { otherHeader: 'hello', cookie: 'foo=bar' }, + cookies: { foo: 'bar' }, + }); + }); + }); + describe('cookies', () => { it('uses `req.cookies` if available', () => { const mockReq = {