🍒 10711 - Missing http.response.headers.content-type span tag on blocking responses by jandro996 · Pull Request #10884 · DataDog/dd-trace-java
jandro996
marked this pull request as ready for review
…nses (#10711) fix(appsec): record blocking response content-type centrally in GatewayBridge When a WAF blocking action fires, the normal response-header IG callbacks are bypassed, so http.response.headers.content-type never reaches the span. Instead of patching every framework's blocking handler, intercept the blocking flow result in GatewayBridge.maybePublishRequestData / maybePublishResponseData, compute the deterministic content-type from RequestBlockingAction + accept header, store it on AppSecRequestContext, and write it as a span tag in onRequestEnded(). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Fix and more tests Fix and more tests Fix and more tests Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Merge branch 'master' into alejandro.gonzalez/APPSEC-61447-bug-blocking Co-authored-by: devflow.devflow-routing-intake <devflow.devflow-routing-intake@kubernetes.us1.ddbuild.io>
jandro996
deleted the
alejandro.gonzalez/backport-pr-10711
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters