fix(utils): Streamline IP capturing on incoming requests

[mydea]

This PR does three things:

1. It ensures we infer the IP (in RequestData integration) from IP-related headers, if available.
2. It ensures we do not send these headers if IP capturing is not enabled (which is the default)
3. It removes the custom handling we had for this in remix, as this should now just be handled generally

Closes #13260

[github-actions]

size-limit report 📦

Path	Size
@sentry/browser	22.47 KB (0%)
@sentry/browser (incl. Tracing)	34.26 KB (0%)
@sentry/browser (incl. Tracing, Replay)	70.31 KB (0%)
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags	63.64 KB (0%)
@sentry/browser (incl. Tracing, Replay with Canvas)	74.71 KB (0%)
@sentry/browser (incl. Tracing, Replay, Feedback)	87.32 KB (0%)
@sentry/browser (incl. Tracing, Replay, Feedback, metrics)	89.16 KB (0%)
@sentry/browser (incl. metrics)	26.77 KB (0%)
@sentry/browser (incl. Feedback)	39.42 KB (0%)
@sentry/browser (incl. sendFeedback)	27.09 KB (0%)
@sentry/browser (incl. FeedbackAsync)	31.75 KB (0%)
@sentry/react	25.24 KB (0%)
@sentry/react (incl. Tracing)	37.25 KB (0%)
@sentry/vue	26.62 KB (0%)
@sentry/vue (incl. Tracing)	36.1 KB (0%)
@sentry/svelte	22.61 KB (0%)
CDN Bundle	23.69 KB (0%)
CDN Bundle (incl. Tracing)	35.93 KB (0%)
CDN Bundle (incl. Tracing, Replay)	70.36 KB (0%)
CDN Bundle (incl. Tracing, Replay, Feedback)	75.61 KB (0%)
CDN Bundle - uncompressed	69.52 KB (0%)
CDN Bundle (incl. Tracing) - uncompressed	106.43 KB (0%)
CDN Bundle (incl. Tracing, Replay) - uncompressed	218.27 KB (0%)
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	231.16 KB (0%)
@sentry/nextjs (client)	37.1 KB (0%)
@sentry/sveltekit (client)	34.81 KB (0%)
@sentry/node	115.27 KB (+0.37% 🔺)
@sentry/node - without tracing	89.77 KB (+0.5% 🔺)
@sentry/aws-serverless	98.94 KB (+0.44% 🔺)

[lforst]

It ensures we do not send these headers if IP capturing is not enabled (which is the default)

I don't like this change a ton because a) it is a bit intransparent to debug b) it is behaviourally breaking if people set ip: false, so that sentry picks up the headers from let's say x-Real-Ip.

[mydea]

I don't like this change a ton because a) it is a bit intransparent to debug b) it is behaviourally breaking if people set ip: false, so that sentry picks up the headers from let's say x-Real-Ip.

I would say that it was a bug that we did not do that before. If I do not enable IP capturing, we should not capture IPs, and it was not a conscious choice to do that (and it's also inconsistent with other platforms, e.g. in python we do what this PR introduces). We do the same for the cookie header, I do not think it is confusing that there is no cookie header if you do not enable cookie capturing, and the same applies here IMHO!

If you used to rely on these headers, and suddenly they are gone, and you notice that, you can properly opt-in to IP capturing to get your desired outcome again!

[andreiborza]

q: do we need to spread include.request here?

[mydea]

yeah, because we mutate this below possibly (adding the ip), and don't want to mutate what the user passes in! (ran into this in a test...)