sentry-javascript icon indicating copy to clipboard operation
sentry-javascript copied to clipboard
verified publisher icon getsentry

User-Agent reduction, Client-Hints are not supported

Open suzukieng opened this issue 7 months ago • 4 comments

Is there an existing issue for this?

  • [x] I have checked for existing issues https://github.com/getsentry/sentry-javascript/issues
  • [x] I have reviewed the documentation https://docs.sentry.io/
  • [x] I am using the latest SDK release https://github.com/getsentry/sentry-javascript/releases

How do you use Sentry?

Sentry Saas (sentry.io)

Which SDK are you using?

@sentry/browser

SDK Version

7.9.2

Framework Version

No response

Link to Sentry event

No response

Reproduction Example/SDK Setup

Device/browser/OS information is not available due to "User-Agent reduction" (https://privacysandbox.google.com/blog/user-agent-reduction-android-model-and-version).

This is not a bug in Sentry's SDK, but there should be documentation on how to provide provide Client-Hints to Sentry's SDK and those Client-Hints would need to be parsed by Sentry's event ingestion.

Sentry SDK users would need to provide Client-Hints to Sentry's origin, e.g. by adding a meta tag.

<meta http-equiv="Accept-CH" content="Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Mobile, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version">
<meta http-equiv="Delegate-CH" content="Sec-CH-UA https://xxx.sentry.io; Sec-CH-UA-Model https://xxx.sentry.io; Sec-CH-UA-Mobile https://xxx.sentry.io; Sec-CH-UA-Form-Factor https://xxx.sentry.io; Sec-CH-UA-Platform https://xxx.sentry.io; Sec-CH-UA-Platform-Version https://xxx.sentry.io">

I am the author of a client-side JavaScript SDK that sends usage events and have a similar issue (my users not seeing detailed device/OS statistics), and provide documentation to them on how to enable Client-Hints (https://docs.strich.io/deployment-guide.html#user-agent-client-hints-optional).

Possibly related issue: https://github.com/getsentry/sentry/issues/50137

Steps to Reproduce

  1. Send Sentry event with the JS SDK, using a common device like a Samsung Galaxy S21
  2. Observe that the device model is 'K' in the received event

Expected Result

If the party deploying Sentry activates User-Agent Client-Hints for Sentry's origins (which would have to be documented), then the HTTP requests containing events sent to sentry would include these Client-Hints and more detailed information on the device/OS/browser could be obtained.

Actual Result

This is an event sent from a Samsung Galaxy S21 running Android 15.

Image

suzukieng avatar Jun 16 '25 06:06 suzukieng

Hi @suzukieng, thanks so much for filing this and providing all this extra info on how you got around it in your SDK. We'll add this to our documentation too.

andreiborza avatar Jun 16 '25 09:06 andreiborza

@andreiborza You're welcome! Are you saying that Sentry already processes Client-Hints, if they are delegated? Then we'd just need to know where to send them?

suzukieng avatar Jun 16 '25 11:06 suzukieng

Yea, they're supported: https://github.com/getsentry/relay/blob/0210399ae37694e8c2d50e6dd3fa07e860f3c6f5/relay-event-normalization/src/normalize/user_agent.rs#L199

andreiborza avatar Jun 16 '25 13:06 andreiborza

Yea, they're supported: https://github.com/getsentry/relay/blob/0210399ae37694e8c2d50e6dd3fa07e860f3c6f5/relay-event-normalization/src/normalize/user_agent.rs#L199

Ok, but where do I delegate them to? If I add https://sentry.io to the hints listed in the Delegate-CH meta tag, they don't seem to be sent. The requests are going to o.ingest.sentry.io

Image

suzukieng avatar Jun 16 '25 13:06 suzukieng

Hm, good question. I tried a bunch of options and none seemed to have made a difference. In your SDKs, are you sending all data to https://license.strich.io?

I'm struggling to get the browser to reveal the device info.

andreiborza avatar Jun 17 '25 12:06 andreiborza

@andreiborza yeah, in my use case all data is sent to that origin. My understanding of CH delegation is that the origin from which the document is served can control which client hints the browser can access and where they can be delegated (sent) to. It can be controlled via HTTP response headers or an HTML meta tag, the latter being typically easier to implement in applications.

suzukieng avatar Jun 17 '25 13:06 suzukieng

@suzukieng could you try passing in your ingest url to which you're sending events to minus the path? I wonder if I'm doing something wrong on my side.

andreiborza avatar Jun 17 '25 15:06 andreiborza

@andreiborza Sure. Just tried it, and from the DevTools network tab it seems they are sent? In the Sentry console I am still seeing model "K" instead of "SM-G990B".

Image

suzukieng avatar Jun 18 '25 05:06 suzukieng

@suzukieng could you link me to one of your events that should have received these please?

andreiborza avatar Jun 18 '25 08:06 andreiborza

@andreiborza https://pixelverse-llc.sentry.io/issues/6688902745/events/e914e0a2dd8547c594df1f835dba6a16/

suzukieng avatar Jun 18 '25 08:06 suzukieng

Could you add this to your Sentry.init call and paste the output please?

beforeSend: (event) => {
    console.log(event.request?.headers);
    return event;
},
debug: true,

andreiborza avatar Jun 18 '25 09:06 andreiborza

@andreiborza

{
    "Referer": "https://<redacted>.strich.io/home",
    "User-Agent": "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Mobile Safari/537.36"
}

suzukieng avatar Jun 18 '25 09:06 suzukieng

Mhm, looks like the SDK indeed doesn't forward this correctly then 🤔. Thanks for all this context, we'll look into it.

andreiborza avatar Jun 18 '25 09:06 andreiborza

@andreiborza You're welcome. If you need more testing etc. from my side, let me know.

suzukieng avatar Jun 18 '25 09:06 suzukieng

@andreiborza I just checked my backend, and I think I have a suspicion: did you check if Sentry's ingestion endpoints send an Accept-CH response header?

From MDN:

The HTTP Accept-CH response header may be set by a server to specify which client hint headers should be included by the client in subsequent requests. To ensure client hints are sent reliably, the Accept-CH header should be persisted for all secure requests.

suzukieng avatar Jun 19 '25 07:06 suzukieng

afaik your server has to set to Accept-CH, then all outgoing requests (such as requests to sentry's ingestion endpoint) should get this attached.

AbhiPrasad avatar Jun 19 '25 21:06 AbhiPrasad

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

getsantry[bot] avatar Jul 23 '25 07:07 getsantry[bot]

@andreiborza pinging you to keep this alive. Was there any progress on this? As far as I can tell, having the ingestion endpoint send Accept-CH headers would be enough. For me, and I'm sure for others as well, there is quite a bit of value knowing which device models are experiencing crashes. Especially in my domain (barcode scanning apps), there are often device-specific limitations (e.g WASM memory size) that cause crashes.

suzukieng avatar Jul 23 '25 09:07 suzukieng

Hi @suzukieng, sorry no progress on this. I'll relay this internally and get back to you.

andreiborza avatar Jul 23 '25 12:07 andreiborza

@suzukieng we looked and our ingest does indeed not send these back, that being said--our understanding is still that this would be something your server would have to send to your client. Is your own service sending these? We are all a bit confused about this 😅.

andreiborza avatar Jul 24 '25 09:07 andreiborza

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

getsantry[bot] avatar Aug 21 '25 07:08 getsantry[bot]