Skip to content

[skill-drift] fix(sentry-svelte-sdk): replace deprecated sendDefaultPii with dataCollection #162

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
github-actions wants to merge 1 commit into
base: main
Choose a base branch
from
+22 −8
Open

[skill-drift] fix(sentry-svelte-sdk): replace deprecated sendDefaultPii with dataCollection #162

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 15 additions & 4 deletions skills/sentry-svelte-sdk/SKILL.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,9 @@ Sentry.init({
environment: process.env.SENTRY_ENVIRONMENT,
release: process.env.SENTRY_RELEASE,

sendDefaultPii: true,
dataCollection: {
userInfo: true,
},
Comment on lines +157 to +159

@sentry sentry Bot Jun 8, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Replacing sendDefaultPii: true with dataCollection: { userInfo: true } is not equivalent for SDKs < 10.56.0, causing a silent loss of cookie and header data collection.
Severity: MEDIUM

Suggested Fix

To ensure consistent data collection across all supported SDK versions, update the dataCollection example to explicitly include cookies: true and httpHeaders: { request: true, response: true }. Alternatively, add a clear warning and separate examples for users on SDK versions older than 10.56.0.

Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.

Location: skills/sentry-svelte-sdk/SKILL.md#L157-L159

Potential issue: The documentation incorrectly suggests replacing `sendDefaultPii: true`
with `dataCollection: { userInfo: true }` as an equivalent change. This is only true for
`@sentry/sveltekit` SDK versions 10.56.0 and newer. For supported older versions (10.8.0
to 10.55.x), `sendDefaultPii: true` collected user info, cookies, and request headers.
The new configuration only collects user info because other `dataCollection` fields like
`cookies` and `httpHeaders` default to false in those versions. This results in a
silent, unintended loss of cookie and HTTP header data for users on these older SDKs who
follow the new examples.

Also affects:

  • skills/sentry-svelte-sdk/SKILL.md:174~176
  • skills/sentry-svelte-sdk/SKILL.md:278~280
  • skills/sentry-svelte-sdk/references/error-monitoring.md:28~31

Did we get this right? 👍 / 👎 to inform future reviews.

tracesSampleRate: 1.0, // lower to 0.1–0.2 in production
enableLogs: true,
});
Expand All @@ -169,7 +171,9 @@ Sentry.init({
dsn: import.meta.env.PUBLIC_SENTRY_DSN ?? import.meta.env.VITE_SENTRY_DSN,
environment: import.meta.env.MODE,

sendDefaultPii: true,
dataCollection: {
userInfo: true,
},
tracesSampleRate: 1.0,

integrations: [
Expand Down Expand Up @@ -271,7 +275,9 @@ Sentry.init({
dsn: import.meta.env.VITE_SENTRY_DSN,
environment: import.meta.env.MODE,

sendDefaultPii: true,
dataCollection: {
userInfo: true,
},

integrations: [
Sentry.browserTracingIntegration(),
Expand Down Expand Up @@ -343,7 +349,12 @@ For each feature: `Read ${SKILL_ROOT}/references/<feature>.md`, follow steps exa
| `dsn` | `string` | — | **Required.** Use env var; SDK is disabled when empty |
| `environment` | `string` | `"production"` | e.g., `"staging"`, `"development"` |
| `release` | `string` | — | e.g., `"my-app@1.2.3"` or git SHA |
| `sendDefaultPii` | `boolean` | `false` | Includes IP addresses and request headers |
| `dataCollection` | `object` | — | Control what data is collected (userInfo, cookies, headers, etc.) |
| `dataCollection.userInfo` | `boolean` | `true` | Auto-populate `user.*` fields from instrumentation |
| `dataCollection.cookies` | `boolean\|object` | `true` | Cookie collection and filtering |
| `dataCollection.httpHeaders` | `object` | `{request: true, response: true}` | HTTP header collection for requests/responses |
| `dataCollection.httpBodies` | `string[]` | `['incomingRequest', ...]` | Which HTTP body types to collect |
| `dataCollection.queryParams` | `boolean\|object` | `true` | Query parameter collection and filtering |
| `tracesSampleRate` | `number` | — | 0–1; use `1.0` in dev, `0.1–0.2` in prod |
| `tracesSampler` | `function` | — | Per-transaction sampling; overrides `tracesSampleRate` |
| `tracePropagationTargets` | `(string\|RegExp)[]` | — | URLs that receive distributed tracing headers |
Expand Down
9 changes: 6 additions & 3 deletions skills/sentry-svelte-sdk/references/error-monitoring.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,10 @@ No configuration beyond the `Sentry.init()` call is required for baseline error
```typescript
import * as Sentry from "@sentry/sveltekit";

Sentry.init({ dsn: import.meta.env.VITE_SENTRY_DSN, sendDefaultPii: true });
Sentry.init({
dsn: import.meta.env.VITE_SENTRY_DSN,
dataCollection: { userInfo: true },
});

// Sentry captures first; your handler runs after
const myErrorHandler = ({ error, event }: { error: unknown; event: unknown }) => {
Expand Down Expand Up @@ -415,9 +418,9 @@ globalScope.setTag("app.version", "1.0.0");
## Best Practices

- Export `handleError = Sentry.handleErrorWithSentry()` from **both** hook files in SvelteKit — server errors are missed if only one is set
- Set `sendDefaultPii: true` to capture user IP and request headers automatically
- Configure `dataCollection.userInfo: true` to auto-populate user context from instrumentation (enabled by default in SDK ≥10.56.0)
- Use `Sentry.withScope()` for one-off context, `Sentry.getIsolationScope()` / `Sentry.getGlobalScope()` for persistent context
- Scrub PII in `beforeSend` if `sendDefaultPii: true` is set but specific fields must be hidden
- Scrub PII in `beforeSend` or use `dataCollection` options to control what data is collected
- Set `debug: true` during development to verify events are being captured

---
Expand Down
2 changes: 1 addition & 1 deletion skills/sentry-svelte-sdk/references/logging.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -226,7 +226,7 @@ The SDK adds these to every log without any developer action:
| `release` | `Sentry.init({ release })` | — |
| `sdk.name`, `sdk.version` | SDK internals | — |
| `browser.name`, `browser.version` | User-Agent | Client-side only |
| `user.id`, `user.name`, `user.email` | `Sentry.setUser()` | When `sendDefaultPii: true` |
| `user.id`, `user.name`, `user.email` | `Sentry.setUser()` | When `dataCollection.userInfo: true` (default in SDK ≥10.56.0) |
| `sentry.trace.parent_span_id` | Active tracing span | If tracing is enabled |
| `sentry.replay_id` | Active replay session | If Session Replay is enabled |
| `message.template`, `message.parameter.X` | `logger.fmt` usage | — |
Expand Down