[undici] add all headers

mbrevda commented 1 month ago

Is your feature request related to a problem? Please describe

Headers must be whitelisted to be added to the trace

Describe the solution you'd like to see

Describe alternatives you've considered

Additional context

An option should be added to allow adding all headers, with perhaps a blacklist option of headers not to add (such as sensitive headers)

Thanks!

pichlermarc commented 3 weeks ago

cc @david-luna @trentm (owners)

david-luna commented 2 weeks ago

Hi @mbrevda

I guess the instrumentation can assume that if there is a block list for headers it should send them all but the ones in the config. The behaviour could be described this way:

no headers config => send nothing (for backwards compatibility)
only headersToSpanAttributes present => send only the headers defined there
only blockHeadersToSpanAttributes present => send all headers but the ones defined in the config
both properties defined => sends the ones defined in headersToSpanAttributes if not present in blockheadersToSpanAttributes

so the following config would make undici to send all headers but autorization

{
  "blockheadersToSpanAttributes": {
    "requestHeaders": ["authorization"]
  }
}

Maybe allowing to have a function would be more straight forward but IMO this way eventually we can have this configuration via env vars.

Thoughts?

open-telemetry / opentelemetry-js-contrib