Feature description
Feature Description
Use case
We want to sanitize URLs of resources reported to Datadog from React Native apps to prevent
PII leaks through query parameters or other URL components.
For example, an auto-tracked resource URL like:
https://testurl.com?phone=12345
should be reported as:
https://testurl.com?phone=PHONE_PLACEHOLDER
This would let mobile apps apply the same resource URL sanitization strategy that our
frontend already supports, giving us consistent privacy controls across web and mobile
instrumentation.
How the SDK currently delivers this
The React Native SDK exposes resourceEventMapper, but the automatic XHR resource tracking
flow does not give it enough control before native RUM resource tracking starts.
In the current flow, URL-based filtering or sanitization can happen too late. The native
resource may already be started before the mapper has enough resource context to decide
whether the event should be kept, dropped, or sanitized.
This means applications cannot reliably use resourceEventMapper as the single place to
sanitize auto-tracked XHR resource URLs before they are reported to Datadog.
What we would like to see
We would like resourceEventMapper to be applied to auto-tracked XHR resources before native
startResource is called.
The mapper should receive resource URL context, for example through
resourceContext.responseURL, so applications can inspect and rewrite the URL before it is
reported.
Expected behavior:
- If
resourceEventMapper rewrites resourceContext.responseURL, the sanitized URL is used
for the reported RUM resource.
- If
resourceEventMapper returns null, the auto-tracked resource is dropped before native
tracking starts.
- Runtime calls to
DdRum.registerResourceEventMapper and
DdRum.unregisterResourceEventMapper update the mapper used by already-enabled automatic
XHR tracking.
- Existing resource tracking behavior, including tracing sample rate updates and internal SDK
resource filters, continues to work.
This would let React Native apps prevent PII leaks in Datadog resource URLs while keeping
behavior consistent with frontend instrumentation.
Proposed solution
Here is the suggested implementation:
https://github.com/teplymax/dd-sdk-reactnative/tree/teplymax/apply-resourceEventMapper-to-auto-tracked-resources
Patch to test this out:
@datadog+mobile-react-native+3.5.1.patch
Other relevant information
No response
Feature description
Feature Description
Use case
We want to sanitize URLs of resources reported to Datadog from React Native apps to prevent
PII leaks through query parameters or other URL components.
For example, an auto-tracked resource URL like:
should be reported as:
This would let mobile apps apply the same resource URL sanitization strategy that our
frontend already supports, giving us consistent privacy controls across web and mobile
instrumentation.
How the SDK currently delivers this
The React Native SDK exposes
resourceEventMapper, but the automatic XHR resource trackingflow does not give it enough control before native RUM resource tracking starts.
In the current flow, URL-based filtering or sanitization can happen too late. The native
resource may already be started before the mapper has enough resource context to decide
whether the event should be kept, dropped, or sanitized.
This means applications cannot reliably use
resourceEventMapperas the single place tosanitize auto-tracked XHR resource URLs before they are reported to Datadog.
What we would like to see
We would like
resourceEventMapperto be applied to auto-tracked XHR resources before nativestartResourceis called.The mapper should receive resource URL context, for example through
resourceContext.responseURL, so applications can inspect and rewrite the URL before it isreported.
Expected behavior:
resourceEventMapperrewritesresourceContext.responseURL, the sanitized URL is usedfor the reported RUM resource.
resourceEventMapperreturnsnull, the auto-tracked resource is dropped before nativetracking starts.
DdRum.registerResourceEventMapperandDdRum.unregisterResourceEventMapperupdate the mapper used by already-enabled automaticXHR tracking.
resource filters, continues to work.
This would let React Native apps prevent PII leaks in Datadog resource URLs while keeping
behavior consistent with frontend instrumentation.
Proposed solution
Here is the suggested implementation:
https://github.com/teplymax/dd-sdk-reactnative/tree/teplymax/apply-resourceEventMapper-to-auto-tracked-resources
Patch to test this out:
@datadog+mobile-react-native+3.5.1.patch
Other relevant information
No response