New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Traces sample rate cannot be disabled #1427
Comments
Update: Seems that our front-end has enabled tracing with a 0.2 sample rate which in turn sends a |
Update: Reopening because it seems that the This also seems to open up an issue where i could spam an application their sentry quota by adding a fake What i think should happen: |
I would advise updating your As your FE DSN is public, there are similar concerns when it comes to abuse, you can read more about it here https://docs.sentry.io/product/sentry-basics/dsn-explainer/#dsn-utilization |
To add to this, you can also disable tracing by setting a https://docs.sentry.io/platforms/php/guides/laravel/configuration/options/#traces-sampler |
Doesn't sound like good design if anyone sending an extra header can use up our quota for sole back-end projects (without a known dsn) to be honest. I'd prefer just having a boolean setting that disables sampling and can't be overridden by a randomly sent header. Something like Example: Now if those front-end systems also use sentry and send us a trace header (as default by sentryjs sdk) this will mean there is no way to prevent their application from using up the quota in our sentry environment. Also: |
You can add a <?php
namespace App;
use Sentry\Tracing\SamplingContext;
class Sentry
{
public static function tracesSampler(SamplingContext $context): float
{
return 0.0;
}
} And in your config: <?php
return [
'traces_sampler' => [App\Sentry::class, 'tracesSampler'],
]; This works with config caching 😄 This should work for now, until we figure out what we can do to prevent this. |
I moved this to the core SDK, as the issue needs to be fixed there. I think we are missing the following behavior:
@stayallive How does this sound to you? |
So zero doesn't really mean zero I guess? I will have to document this carefully in my downstream package :) Having a toggle + sample rate seems potentially more intuitive. |
@cleptric this sounds good to me, as long as we document this correctly. Are you aware if other SDKs handle it a similar way? Currently the docs aren't a 100% correct either too: https://docs.sentry.io/platforms/php/configuration/options/#tracing-options |
Fixed in |
Environment
sentry/sentry-laravel: 3.0.1
laravel/framework: 9.39.0
Steps to Reproduce
'traces_sample_rate' => (float) (env('SENTRY_TRACES_SAMPLE_RATE', 0.0)),
Expected Result
I would expect Performance tracing to be disabled
Actual Result
It is not disabled and we're almost at the point where we have to upgrade our sentry plan because we're running out of events rapidly
The text was updated successfully, but these errors were encountered: