Issues - Being able to adjust specific issue sample rate for Content Security Policy errors

[Angelodaniel]

Problem Statement

In this case the Content Security Policy errors eat up most quota but are still important to the developers
In order to reduce the amount of traffic and save some quota I want to know if it's possible to use something similar like the tracesSampler for JS however it seems that there is no similar option for CSP (Sentry Docs).

Also the Sentry UI doesn't give options to do like a Dynamic Sample on all CSP issues so it's either filter them out completely or don't filter and accept all.

Solution Brainstorm

No response

Product Area

Issues

┆Issue is synchronized with this Jira Improvement by Unito

[getsantry]

Assigning to @getsentry/support for routing ⏲️

[getsantry]

Routing to @getsentry/product-owners-issues for triage ⏲️

[lobsterkatie]

The reason there's isn't a tracesSampler-type option for CSP reports is because they're not sent by the SDK, they're sent by the browser.

It seems like it might be possible to have the SDK listen for and catch them (and therefore possibly be able to sample them - would depend on whether the SDK can prevent them from being sent or only observe them on their way out the door), but only in cases where the SDK is already initialized when the violation occurs.

We could also set up sampling and/or rate limiting on our end, but I suspect that would have to be a larger conversation. I'm therefore going to transfer this to the JS repo, as I think it's your best bet as at least a place to start.

[lobsterkatie]

Also of possible interest that I just found: You're apparently not the only one with this request, though the conversation seems to have died out in 2019. Perhaps you could revive it!

[AbhiPrasad]

It seems like it might be possible to have the SDK listen for and catch them

I think this is entirely new behavior for CSP functionality as we would have to build a new integration to the SDK (and add new envelope logic) to make this work. IMO we should be working toward adding some controls in the UI to help with this.

I'm not even sure which team should own CSP stuff - I'll defer to @smeubank re: this.

[ryanseddon]

Did anything come of this? I'm interested in sampling CSP too but unsure if that's feasible due to the browser controlling sending of reports.