minidumps: FEATURE flag

2026-03-10 08:01:17 +00:00 · 2025-11-15 13:33:49 +01:00
parent 97c1e4c71c
commit 661d83bd93
4 changed files with 17 additions and 1 deletions
--- a/bugsink/app_settings.py
+++ b/bugsink/app_settings.py
@@ -73,6 +73,9 @@ DEFAULTS = {
    # Security:
    "MINIMIZE_INFORMATION_EXPOSURE": False,
    "PHONEHOME": True,
+
+    # Feature flags:
+    "FEATURE_MINIDUMPS": False,  # minidumps are experimental/early-stage and likely a DOS-magnet; disabled by default
 }


--- a/bugsink/settings/development.py
+++ b/bugsink/settings/development.py
@@ -109,6 +109,9 @@ BUGSINK = {
    "MAX_EMAILS_PER_MONTH": 10,  # for development: a thing to tune if you want to the the quota system

    "KEEP_ARTIFACT_BUNDLES": True,  # in development: useful to preserve sourcemap uploads
+
+    # in development we want optional features enabled to [1] play with them and [2] have the tests work
+    "FEATURE_MINIDUMPS": True,
 }


--- a/files/views.py
+++ b/files/views.py
@@ -205,6 +205,9 @@ def artifact_bundle_assemble(request, organization_slug):
@csrf_exempt  # we're in API context here; this could potentially be pulled up to a higher level though
@requires_auth_token
 def difs_assemble(request, organization_slug, project_slug):
+    if not get_settings().FEATURE_MINIDUMPS:
+        return JsonResponse({"detail": "minidumps not enabled"}, status=404)
+
    # TODO move to tasks.something.delay
    # TODO think about the right transaction around this
    data = json.loads(request.body)
--- a/ingest/views.py
+++ b/ingest/views.py
@@ -53,6 +53,7 @@ from .models import StoreEnvelope, DontStoreEnvelope, Envelope

 HTTP_429_TOO_MANY_REQUESTS = 429
 HTTP_400_BAD_REQUEST = 400
+HTTP_404_NOT_FOUND = 404
 HTTP_501_NOT_IMPLEMENTED = 501


@@ -638,7 +639,10 @@ class IngestEnvelopeAPIView(BaseIngestAPIView):

            if ((type_ not in ["event", "attachment"]) or
                    (item_headers.get("type") == "attachment" and
-                     item_headers.get("attachment_type") != "event.minidump")):
+                     item_headers.get("attachment_type") != "event.minidump") or
+                    (item_headers.get("type") == "attachment" and
+                     item_headers.get("attachment_type") == "event.minidump" and
+                     not get_settings().FEATURE_MINIDUMPS)):

                # non-event/minidumps can be discarded; (we don't check for individual size limits, because these differ
                # per item type, we have the envelope limit to protect us, and we incur almost no cost (NullWriter))
@@ -732,6 +736,9 @@ class MinidumpAPIView(BaseIngestAPIView):
    # I'm not 100% sure whether "philosophically" the minidump endpoint is also "ingesting"; we'll see.

    def post(self, request, project_pk=None):
+        if not get_settings().FEATURE_MINIDUMPS:
+            return JsonResponse({"detail": "minidumps not enabled"}, status=HTTP_404_NOT_FOUND)
+
        # not reusing the CORS stuff here; minidump-from-browser doesn't make sense.

        # TODO: actually pick/configure max