SDK must validate envelope size to ensure errors are not silently dropped
Is there an existing issue for this?
- [x] I have checked for existing issues https://github.com/getsentry/sentry-javascript/issues
- [x] I have reviewed the documentation https://docs.sentry.io/
- [x] I am using the latest SDK release https://github.com/getsentry/sentry-javascript/releases
How do you use Sentry?
Sentry Saas (sentry.io)
Which SDK are you using?
@sentry/browser
SDK Version
10.25.0
Framework Version
No response
Link to Sentry event
No response
Reproduction Example/SDK Setup
No response
Steps to Reproduce
- Sentry.captureException( new Error( "put a text > 1 MB here" ) );
Expected Result
The SDK should validate that payloads it sends are within the limits (https://develop.sentry.dev/sdk/envelopes/#size-limits). If they're too large, truncate them or, if that is not possible/still too large, send a generic, short event with minimum possible data to ensure that Sentry customers are at least aware that there are errors happening.
Otherwise, it's possible that some errors are never reported, which makes Sentry useless.
While it's possible to custom implement this validation (to some extent) via customization or by customizing tunnel/relay, I don't think it makes sense since this is something that all Sentry users need.
Actual Result
{"detail":"envelope exceeded size limits for type 'event' (https://develop.sentry.dev/sdk/envelopes/#size-limits)"}
Additional Context
Our site was broken for 15% of potential customers, who could not place their order; however, we only found out by accident since the events never reached Sentry, resulting in a significant loss in revenue.
Hello and thanks for writing in. This definitely sounds frustrating, and you are right that, although this can be manually customized, this should actually be a default. I'm gonna take a look at this this week to fix this.
Thanks! Ideally in a way to optionally disable this for specific types (e.g. event/transaction/span/log but not for profile/replay), since I've already implemented a tunnel/relay feature now that will convert event data that is too long to an attachment so it's not lost at least (unless of course the SDK would do that).
I'll think about something to make this maybe configurable 👍
And just to get more insight into this: Can you share such a long envelope or take a look at it yourself and share what exactly is very long in one that is rejected? Is it really the message, or maybe the stacktrace, or something different?
> what exactly is very long in one that is rejected?
It's the message. I identified 2 common cases:
- error message is/contains a JSON itself (common-ish for some React errors apparently)
- error message contains user data or HTML from the page itself
Generally, these long errors are calls to action for developers to fix/do something, and the message is as long as it is because it provides details on what exactly/where the issue appeared. E.g. some JS tried to load a template, but the template, once filled with user data or in this specific browser (happens quite a bit, due to how JS/DOM sanitization works/strips depending on the browser), was invalid/contained invalid HTML, for example, and it logs the whole template as the message.
I created a PR that will use the maxValueLength on error messages as well: https://github.com/getsentry/sentry-javascript/pull/18301
However, we need to discuss handling those large envelopes a bit internally as we ideally don't want to auto-truncate things.
What I thought about (also based on how you currently solve this) would be something like this (but that's a bigger change that does not only involve the SDK):
- SDK estimates envelope size
- If too large: truncate large values
- Send those large values as attachments
I have a follow-up question on this: As you said, the event never reached Sentry. Could you just not see it in the overview, or was it never there at all? Can you check the project stats if there were any dropped events?
You can find them here: sentry.io/settings/stats/
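A sketch of the estimate / truncate / keep-as-attachment flow discussed in this thread, as an added example that is not part of the thread and not Sentry SDK code. The byte budget and character cap are assumed values, `fitEvent` is a hypothetical helper, and actually sending the returned attachments is left out.

```javascript
// Added illustration; not code from @sentry/browser or from the linked PR.
// Both budgets are assumed values, not Sentry's documented limits.
const MAX_EVENT_BYTES = 200_000;
const MAX_VALUE_CHARS = 1_000;

// Size of the serialized payload in UTF-8 bytes (what goes on the wire).
const byteLength = (obj) => new TextEncoder().encode(JSON.stringify(obj)).length;

// Hypothetical helper. Returns { event, attachments }: an event that fits the
// budget, plus the full text of every exception message that had to be cut.
function fitEvent(event, maxBytes = MAX_EVENT_BYTES, maxChars = MAX_VALUE_CHARS) {
  if (byteLength(event) <= maxBytes) return { event, attachments: [] };

  const copy = JSON.parse(JSON.stringify(event)); // never mutate the caller's event
  const attachments = [];
  (copy.exception?.values ?? []).forEach((ex, i) => {
    if (typeof ex.value === 'string' && ex.value.length > maxChars) {
      attachments.push({ filename: `exception-${i}-message.txt`, data: ex.value });
      ex.value = `${ex.value.slice(0, maxChars)}... [truncated from ${ex.value.length} chars]`;
    }
  });
  if (byteLength(copy) <= maxBytes) return { event: copy, attachments };

  // Something other than the message is oversized: fall back to a minimal
  // event so the error is still reported instead of being rejected.
  const first = copy.exception?.values?.[0];
  const minimal = {
    event_id: event.event_id,
    level: 'error',
    exception: { values: [{ type: first?.type ?? 'Error', value: first?.value ?? '' }] },
    extra: { oversized_event: true },
  };
  return { event: minimal, attachments };
}

// Constructed sample: a 500,000-character message made of page HTML.
function demo() {
  const big = { exception: { values: [{ type: 'Error', value: '<div>'.repeat(100_000) }] } };
  const { event, attachments } = fitEvent(big);
  return { bytes: byteLength(event), kept: attachments[0].data.length };
}
```

Because the cut messages can contain user data or page HTML, as described above, the attachments need the same scrubbing as the event itself.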