Missing http.response.headers.content-type span tag on blocking responses by jandro996 · Pull Request #10711 · DataDog/dd-trace-java
…ayBridge When a WAF blocking action fires, the normal response-header IG callbacks are bypassed, so http.response.headers.content-type never reaches the span. Instead of patching every framework's blocking handler, intercept the blocking flow result in GatewayBridge.maybePublishRequestData / maybePublishResponseData, compute the deterministic content-type from RequestBlockingAction + accept header, store it on AppSecRequestContext, and write it as a span tag in onRequestEnded(). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jandro996
marked this pull request as ready for review
jandro996 added a commit that referenced this pull request
Mar 18, 2026
…nses (#10711) fix(appsec): record blocking response content-type centrally in GatewayBridge When a WAF blocking action fires, the normal response-header IG callbacks are bypassed, so http.response.headers.content-type never reaches the span. Instead of patching every framework's blocking handler, intercept the blocking flow result in GatewayBridge.maybePublishRequestData / maybePublishResponseData, compute the deterministic content-type from RequestBlockingAction + accept header, store it on AppSecRequestContext, and write it as a span tag in onRequestEnded(). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Fix and more tests Fix and more tests Fix and more tests Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Co-authored-by: devflow.devflow-routing-intake <devflow.devflow-routing-intake@kubernetes.us1.ddbuild.io>
jandro996 added a commit that referenced this pull request
Mar 18, 2026
…nses (#10711) fix(appsec): record blocking response content-type centrally in GatewayBridge When a WAF blocking action fires, the normal response-header IG callbacks are bypassed, so http.response.headers.content-type never reaches the span. Instead of patching every framework's blocking handler, intercept the blocking flow result in GatewayBridge.maybePublishRequestData / maybePublishResponseData, compute the deterministic content-type from RequestBlockingAction + accept header, store it on AppSecRequestContext, and write it as a span tag in onRequestEnded(). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Fix and more tests Fix and more tests Fix and more tests Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Co-authored-by: devflow.devflow-routing-intake <devflow.devflow-routing-intake@kubernetes.us1.ddbuild.io>
jandro996 added a commit that referenced this pull request
Mar 19, 2026
…nses (#10711) fix(appsec): record blocking response content-type centrally in GatewayBridge When a WAF blocking action fires, the normal response-header IG callbacks are bypassed, so http.response.headers.content-type never reaches the span. Instead of patching every framework's blocking handler, intercept the blocking flow result in GatewayBridge.maybePublishRequestData / maybePublishResponseData, compute the deterministic content-type from RequestBlockingAction + accept header, store it on AppSecRequestContext, and write it as a span tag in onRequestEnded(). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Fix and more tests Fix and more tests Fix and more tests Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Co-authored-by: devflow.devflow-routing-intake <devflow.devflow-routing-intake@kubernetes.us1.ddbuild.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters