fix: sanitize Django tracing headers

[dustinbyrne]

💡 Motivation and Context

Django middleware extracts PostHog tracing headers from incoming requests and uses them to set context values. These headers are user-controlled, so sanitize them before they enter context/event properties.

This keeps the existing session/distinct-id behavior, but now strips control characters, trims whitespace, caps header length, ignores non-string values, and falls back to the request user when a distinct-id header sanitizes to empty.

This brings us to parity with how we currently handle these headers in PostHog Django

💚 How did you test it?

• uv run pytest posthog/test/integrations/test_middleware.py -q

📝 Checklist

• I reviewed the submitted code.
• I added tests to verify the changes.
• I updated the docs if needed.
• No breaking change or entry added to the changelog.

If releasing new changes

• Ran sampo add to generate a changeset file
• Added the release label to the PR

[greptile-apps]

Prompt To Fix All With AI

This is a comment left during a code review.
Path: posthog/test/test_client.py
Line: 2425-2477

Comment:
**Prefer parameterised tests**

The two new window-ID tests duplicate the shape of the existing `test_set_context_session_with_capture` / `test_set_context_session_override_in_capture` pair. Per the team's preference, these four tests could be collapsed into one parameterized test covering `(context_value, explicit_override, expected_result)`, removing the duplicated mock setup, `new_context`, `capture`, and assertion boilerplate.

**Context Used:** Do not attempt to comment on incorrect alphabetica... ([source](https://app.greptile.com/review/custom-context?memory=instruction-0))

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: posthog/test/integrations/test_middleware.py
Line: 144-208

Comment:
**Prefer parameterised tests**

`test_extract_tags_sanitizes_tracing_headers` and `test_extract_tags_ignores_non_string_tracing_headers` test per-header sanitization rules (control-char stripping, type rejection) but use two independent test methods each building a full `MockRequest`. A single `@parameterized.expand` over `(header_name, raw_value, expected_context_getter, expected_result)` tuples would cover each sanitization rule individually, give more precise failure messages, and avoid the multi-assertion-per-test pattern that hides which header triggered a failure.

**Context Used:** Do not attempt to comment on incorrect alphabetica... ([source](https://app.greptile.com/review/custom-context?memory=instruction-0))

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "feat: add context window id support" | Re-trigger Greptile}

[github-actions]

posthog-python Compliance Report

Date: 2026-04-28 17:26:10 UTC
Duration: 160237ms

✅ All Tests Passed!

30/30 tests passed

---

Capture Tests

✅ 29/29 tests passed

View Details

Test	Status	Duration
Format Validation.Event Has Required Fields	✅	538ms
Format Validation.Event Has Uuid	✅	1509ms
Format Validation.Event Has Lib Properties	✅	1512ms
Format Validation.Distinct Id Is String	✅	1515ms
Format Validation.Token Is Present	✅	1508ms
Format Validation.Custom Properties Preserved	✅	1513ms
Format Validation.Event Has Timestamp	✅	1512ms
Retry Behavior.Retries On 503	✅	9523ms
Retry Behavior.Does Not Retry On 400	✅	3510ms
Retry Behavior.Does Not Retry On 401	✅	3513ms
Retry Behavior.Respects Retry After Header	✅	9517ms
Retry Behavior.Implements Backoff	✅	23538ms
Retry Behavior.Retries On 500	✅	7513ms
Retry Behavior.Retries On 502	✅	7516ms
Retry Behavior.Retries On 504	✅	7524ms
Retry Behavior.Max Retries Respected	✅	23532ms
Deduplication.Generates Unique Uuids	✅	1509ms
Deduplication.Preserves Uuid On Retry	✅	7519ms
Deduplication.Preserves Uuid And Timestamp On Retry	✅	14536ms
Deduplication.Preserves Uuid And Timestamp On Batch Retry	✅	7517ms
Deduplication.No Duplicate Events In Batch	✅	1509ms
Deduplication.Different Events Have Different Uuids	✅	1513ms
Compression.Sends Gzip When Enabled	✅	1516ms
Batch Format.Uses Proper Batch Structure	✅	1511ms
Batch Format.Flush With No Events Sends Nothing	✅	1013ms
Batch Format.Multiple Events Batched Together	✅	1501ms
Error Handling.Does Not Retry On 403	✅	3513ms
Error Handling.Does Not Retry On 413	✅	3509ms
Error Handling.Retries On 408	✅	7527ms

Feature_Flags Tests

✅ 1/1 tests passed

View Details

Test	Status	Duration
Request Payload.Request With Person Properties Device Id	✅	523ms