Use HTTP headers for large HTTP payload detection

[ndench]

Problem Statement

Some endpoints which download files where the URL does not end with a file extension. This is because files are often identified by an internal unique identifier.

These endpoints will always flag the Large HTTP Payload issue.

Solution Brainstorm

It would be good if the Large HTTP Payload detection criteria could take HTTP headers into account to exclude file download endpoints. Working entirely off the extension in the URL seems very limited.

Product Area

Performance

[getsantry[bot]]

Assigning to @getsentry/support for routing ⏲️

[getsantry[bot]]

Routing to @getsentry/product-owners-performance for triage ⏲️

[narsaynorath]

Hi @ndench, thanks for the report! You have a good point about the file extension check being brittle. I'm going to backlog this for now and raise it with the team so we can prioritize fixing the noise

[ndench]

Thanks @narsaynorath!

[dbushy727]

We are having the same issue. Would be cool to find a way to configure what may or may not set this off. Either via a whitelist of routes, extensions, headers, or whatever.

[nanoburd]

Lets chat if there's a better OOTB default or if we add configuration to ignore certain paths.

[mcheng-brilliant]

Hi @narsaynorath and @nanoburd, was there any movement on adding configuration to ignore certain paths? We're running into a similar problem with this and would like to cut down on the noise without completely disabling this.

[zoesyc]

hey @mcheng-brilliant, we will be looking at our performance issues creation and detection more holistically toward the end of this year. I'll be keeping track of this feedback for that re-evaluation. Please continue tracking this issue for any updates!

[Tbhesswebber]

It looks like there were some automated updates here - is there an estimated timeline or a public roadmap somewhere to help us get a better feel for when we can expect this to be available?

[armenzg]

I'm bringing some eyes to this issue. Stay tuned.

[roggenkemper]

Our team is taking a look at this - no estimated timeline right now (will keep you updated if we have one) but if this is causing too many issues for you before we fix it, you can turn the issues off following the instructions here https://docs.sentry.io/product/issues/issue-details/performance-issues/#configuration . hope to have an update for you soon

[roggenkemper]

@ndench @Tbhesswebber @mcheng-brilliant @dbushy727 some good news - this is an improvement I'm going to start working on soon. one question as we start to think about this: the original suggestion was to use HTTP headers. would you be ok if we had one implementation of this or would you want it to be configurable per project (so you could control the paths or headers we exclude)?

feel free to email me at [first name].[last name]@sentry.io if you have any other thoughts, want to chat, or want to get access to this improvement to test it out!

[roggenkemper]

Quick update here - i've added in a setting so you can filter out URL paths where you are seeing this problem so we don't detect issues on these spans, without having to turn the entire detector off. This setting is currently available for Early Adopters to try out. I'll make it available to all users in the near future.

I'm not sure we have the data necessary to automatically filter out based off of the headers unfortunately - if anyone wants to email me (email in the comment above) some issues where you think header filtering could've worked, please send the over!

I'm going to close this issue for now - feel free to re-open or reach out if you have any additional follow ups!