fix(core): Defer TwP sampling by reading trace state from the scope#21549
fix(core): Defer TwP sampling by reading trace state from the scope#21549andreiborza wants to merge 8 commits into
Conversation
In Tracing-without-Performance (spans disabled), a root placeholder previously froze a negative sampling decision in the DSC, which suppressed downstream sampling instead of leaving the decision to a performance-enabled service further along the trace. The scope is the source of truth for a TwP placeholder's trace state: - `getTraceData` reads the sampling decision from the scope (deferred for a new trace, the upstream decision for a continued trace) while keeping the placeholder's stable span id, so the outgoing `sentry-trace` header omits the flag instead of asserting `-0`. - `getDynamicSamplingContextFromSpan` resolves a placeholder's DSC from its captured scope (continued traces keep the incoming DSC; new traces derive it from the client). A new (head-of-trace) TwP trace does not stamp a local `transaction` in its DSC; continued traces still propagate the upstream decision and DSC. No DSC is written to the scope at span start, preserving the browser's "scope stays DSC-free between navigations" behavior.
size-limit report 📦
|
|
|
||
| if (!client || !hasSpansEnabled()) { | ||
| const span = new SentryNonRecordingSpan(); | ||
| const propagationContext = { |
There was a problem hiding this comment.
I don't think this is actually necessary, do we ever put traceId/spanId/sampled/dsc on the isolation scope? I think this is always on the same type of scope, but not 100% sure...
There was a problem hiding this comment.
Right, we only ever need the traceId from there, which isn't affected. Removed in d1d9d2d
| // A non-recording span is a Tracing-without-Performance placeholder that carries no sampling | ||
| // decision of its own — the scope is the source of truth. We keep the placeholder's (stable) | ||
| // span id but read the sampling decision from the scope. | ||
| const isNonRecordingSpan = span instanceof SentryNonRecordingSpan; |
There was a problem hiding this comment.
this is fine but possibly brittle, if packages are badly deduped or similar. if we can find a different, non-identidy based way to check this that would possibly be more robust, but not necessarily required here IMHO
| traceData.traceparent = | ||
| span && !isNonRecordingSpan | ||
| ? spanToTraceparentHeader(span) | ||
| : scopeToTraceparentHeader(scope, span?.spanContext().spanId); |
There was a problem hiding this comment.
does this make sense? if it is non-recording the span.spanContext should not have a valid spanId, I guess...?
There was a problem hiding this comment.
It does have a valid id, but I simplified this to not pass a span id. This does mean in some cases the span id might differ, e.g. when starting a manual span in TwP
Sentry.startSpan({...}), () => {
Sentry.captureException(...);
fetch(...)
})The span id of startSpan and the error event trace are the same, but the fetch call ends up with a new span id. This shouldn't be a problem since we aren't sending spans anyway in this mode.
Updated in 6a7c654
| // For a non-recording placeholder (Tracing without Performance), the DSC is not carried on the | ||
| // span — the scope is the source of truth. Resolve it from the span's captured scope: continued | ||
| // traces keep the incoming DSC, new traces derive it from the client (without a local transaction). | ||
| if (rootSpan instanceof SentryNonRecordingSpan) { |
There was a problem hiding this comment.
do we need this, actually? Would we not skip even calling this if the span is a non recording span?
There was a problem hiding this comment.
Yes this is needed, this is the one unifying place where we can get the DSC from. This simplifies not having to add checks for SentryNonRecordingSpans at all other callsites (e.g. in getTraceData, applySpanToEvent etc).
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
andreiborza
requested review from
JPeer264,
logaretm and
mydea
and removed request for
a team
|
|
||
| // Non-enumerable brand used to detect non-recording spans via {@link spanIsNonRecordingSpan} | ||
| // without `instanceof`, which is brittle when `@sentry/core` is duplicated across packages. | ||
| const NON_RECORDING_SPAN_FIELD = '_sentryNonRecordingSpan'; |
There was a problem hiding this comment.
just an idea, but we could use aSymbol.for() here, then we'd not need to handle the minification thing.
JPeer264
left a comment
JPeer264
left a comment
There was a problem hiding this comment.
Actually pretty smart to put that into the DSC into the scope for TwP.
Not approving just yet because of my comment and the Symbol comment of Francesco.
| // Tracing is enabled (not TwP), but the route is a raw, non-parametrized URL so the | ||
| // http.server span source is `url`. The span name must therefore be omitted from the | ||
| // DSC (raw URLs may contain PII), even though a real transaction is recorded. | ||
| export default Sentry.withSentry( |
There was a problem hiding this comment.
q: Was this issue specifically related to Cloudflare? Just wondering why there is specifically a CF test for it
There was a problem hiding this comment.
It's not CF specific but it tests a core behavior of getDynamicSamplingContextFromSpan that we didn't test before.
I wanted to make sure that a in a non TwP case the transaction is also scrubbed when the source is url.
| // Tracing is enabled (not TwP), but the route is a raw, non-parametrized URL so the | ||
| // http.server span source is `url`. The span name must therefore be omitted from the | ||
| // DSC (raw URLs may contain PII), even though a real transaction is recorded. | ||
| export default Sentry.withSentry( |
There was a problem hiding this comment.
m: This test is also passing on the latest develop, so I'm not sure if this should have reproduced anything specific or if it should just check if the old behavior is the same.
| const span = new SentryNonRecordingSpan(); | ||
| // The placeholder is a thin marker; it carries no sampling decision or DSC. Both are read from | ||
| // the scope: the sampling decision in `getTraceData`, the DSC in `getDynamicSamplingContextFromSpan`. | ||
| const span = new SentryNonRecordingSpan({ traceId: scope.getPropagationContext().traceId }); |
There was a problem hiding this comment.
For pure TwP non-recording spans not really, but for non recording spans that are not sampled we need it. I'd argue it's easier to keep it in both cases instead of having to micro manage it whenever we are using one or the other, wdyt?
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit b65741e. Configure here.
| const capturedScope = getCapturedScopesOnSpan(rootSpan).scope; | ||
| if (capturedScope) { | ||
| return applyLocalSampleRateToDsc(getDynamicSamplingContextFromScope(client, capturedScope)); | ||
| } |
There was a problem hiding this comment.
Scope DSC without TwP guard
Medium Severity
getDynamicSamplingContextFromSpan resolves baggage from the captured scope for every non-recording span that has one, but getTraceData only defers to the scope for TwP (!hasSpansEnabled()). The onlyIfParent placeholder always captures scopes, so with tracing enabled sentry-trace still encodes -0 via spanToTraceHeader while baggage can reflect the scope (e.g. upstream sentry-sampled=true), breaking header agreement.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit b65741e. Configure here.
logaretm
left a comment
logaretm
left a comment
There was a problem hiding this comment.
Just a few questions, trying to learn more about this whole thing 😅
| // For a non-recording placeholder (Tracing without Performance), the DSC is not carried on the | ||
| // span; the scope is the source of truth. Resolve it from the span's captured scope: continued | ||
| // traces keep the incoming DSC, new traces derive it from the client (without a local transaction). | ||
| if (spanIsNonRecordingSpan(rootSpan)) { |
There was a problem hiding this comment.
q: Should this also have a hasSpansEnabled() check?
| if (spanIsNonRecordingSpan(rootSpan)) { | ||
| const capturedScope = getCapturedScopesOnSpan(rootSpan).scope; | ||
| if (capturedScope) { | ||
| return applyLocalSampleRateToDsc(getDynamicSamplingContextFromScope(client, capturedScope)); |
There was a problem hiding this comment.
q: Not sure about this one, could this mutate the dsc value and do we want that?
| } | ||
|
|
||
| const sentryTrace = span ? spanToTraceHeader(span) : scopeToTraceHeader(scope); | ||
| const sentryTrace = span && !isTwpPlaceholder ? spanToTraceHeader(span) : scopeToTraceHeader(scope); |
There was a problem hiding this comment.
q: For head of trace TwP wouldn't have a propagationSpanId, so wouldn't this create a new trace id every time? is that intended.
4 participants
In Tracing-without-Performance (spans disabled), a root placeholder previously froze a negative sampling decision in the DSC, which suppressed downstream sampling instead of leaving the decision to a performance-enabled service further along the trace.
The scope is the source of truth for a TwP placeholder's trace state:
getTraceDatareads the sampling decision from the scope (deferred for a new trace, the upstream decision for acontinued trace), so the outgoing
sentry-traceheader omits the flag instead of asserting-0. The span id comes from the scope'spropagationSpanId(a fresh id is generated when the scope has none).getDynamicSamplingContextFromSpanresolves a placeholder's DSC from its captured scope (continued traces keep the incoming DSC; new traces derive it from the client).The scope is only consulted for genuine TwP placeholders. A non-recording span in tracing mode, the child of an unsampled span, or an ignored span carries an explicit negative decision and keeps propagating
-0viaspanToTraceHeader.A new (head-of-trace) TwP trace does not stamp a local
transactionin its DSC; continued traces still propagate the upstream decision and DSC.No DSC is written to the scope at span start, preserving the browser's "scope stays DSC-free between navigations" behavior.
This is an alternative to #21406