Fix bug (DataDog#10648)

jandro996 · web-flow · commit e9b5a5736d5c · 2026-02-20T11:53:59.000Z
Fix bug

Co-authored-by: alejandro.gonzalez &lt;alejandro.gonzalez@datadoghq.com&gt;
diff --git a/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java b/dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java
@@ -920,10 +920,14 @@ private NoopFlow onRequestEnded(RequestContext ctx_, IGSpanInfo spanInfo) {
         // Report all collected request headers on user tracking event
         writeRequestHeaders(
             ctx, traceSeg, REQUEST_HEADERS_ALLOW_LIST, ctx.getRequestHeaders(), false);
+        writeResponseHeaders(
+            ctx, traceSeg, RESPONSE_HEADERS_ALLOW_LIST, ctx.getResponseHeaders(), false);
       } else {
         // Report minimum set of collected request headers
         writeRequestHeaders(
             ctx, traceSeg, DEFAULT_REQUEST_HEADERS_ALLOW_LIST, ctx.getRequestHeaders(), false);
+        writeResponseHeaders(
+            ctx, traceSeg, RESPONSE_HEADERS_ALLOW_LIST, ctx.getResponseHeaders(), false);
       }
       // If extracted any derivatives - commit them
       if (!ctx.commitDerivatives(traceSeg)) {
diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/gateway/GatewayBridgeSpecification.groovy
@@ -1192,6 +1192,10 @@ class GatewayBridgeSpecification extends DDSpecification {
       'x-sigsci-tags'                    : ['SQLI, XSS'],
       'akamai-user-risk'                 : ['uuid=913c4545-757b-4d8d-859d-e1361a828361;status=0'],
     ]
+    mockAppSecCtx.responseHeaders >> [
+      'content-type'  : ['text/plain'],
+      'content-length': ['13'],
+    ]
     final mockCtx = Stub(RequestContext) {
       getData(RequestContextSlot.APPSEC) >> mockAppSecCtx
       getTraceSegment() >> traceSegment
@@ -1217,6 +1221,8 @@ class GatewayBridgeSpecification extends DDSpecification {
     1 * traceSegment.setTagTop('http.request.headers.x-sigsci-requestid', '55c24b96ca84c02201000001')
     1 * traceSegment.setTagTop('http.request.headers.x-sigsci-tags', 'SQLI, XSS')
     1 * traceSegment.setTagTop('http.request.headers.akamai-user-risk', 'uuid=913c4545-757b-4d8d-859d-e1361a828361;status=0')
+    1 * traceSegment.setTagTop('http.response.headers.content-type', 'text/plain')
+    1 * traceSegment.setTagTop('http.response.headers.content-length', '13')
   }
 
   void 'request headers are always set when there are user tracking events'() {
@@ -1226,6 +1232,9 @@ class GatewayBridgeSpecification extends DDSpecification {
       getRequestHeaders() >> [
         'host': ['localhost']
       ]
+      getResponseHeaders() >> [
+        'content-type': ['text/plain']
+      ]
     }
     final mockCtx = Stub(RequestContext) {
       getData(RequestContextSlot.APPSEC) >> mockAppSecCtx
@@ -1239,6 +1248,7 @@ class GatewayBridgeSpecification extends DDSpecification {
 
     then:
     (userTracking ? 1 : 0) * traceSegment.setTagTop('http.request.headers.host', 'localhost')
+    1 * traceSegment.setTagTop('http.response.headers.content-type', 'text/plain')
 
     where:
     tag                                       | userTracking
