Description
What problem do you want to solve?
The OpenTelemetry semantic conventions list http.request.header.<key> as a stable Opt-In attribute for HTTP Spans [link]. In particular, the semantic conventions mention that
http.request.header.<key>: Instrumentations SHOULD require an explicit configuration of which headers are to be captured. Including all request headers can be a security risk - explicit configuration helps avoid leaking sensitive information.
Describe the solution you'd like
Similar to HTTP server instrumentation, we can implement these changes by introducing two new environment variables:
OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_CLIENT_REQUEST
OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_CLIENT_RESPONSE
These are analogous to the currently existing OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_REQUEST and OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_RESPONSE environment variables. We can reuse the existing OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SANITIZE_FIELDS environment variable for determining which headers should be sanitized, although it might also be valid to consider introducing client- and server-specific header sanitation environment variables that would apply individually to client and server spans.
Would you like to implement a fix?
Yes
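An added sketch of the opt-in behaviour requested above, not part of the original issue and not the project's code: only headers named in the proposed client variables become span attributes, and any of those also listed in the sanitize variable are redacted. The function name capture_headers, the "[REDACTED]" placeholder, exact-name matching and lowercase key normalization are assumptions made for illustration.

```python
import os

CLIENT_REQUEST_ENV = "OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_CLIENT_REQUEST"
CLIENT_RESPONSE_ENV = "OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_CLIENT_RESPONSE"
SANITIZE_ENV = "OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SANITIZE_FIELDS"
REDACTED = "[REDACTED]"  # assumed placeholder value


def _names_from_env(var, environ):
    """Parse a comma-separated header list; unset or empty means no headers."""
    raw = environ.get(var, "")
    return {item.strip().lower() for item in raw.split(",") if item.strip()}


def capture_headers(headers, kind, environ=None):
    """Build span attributes for explicitly allowlisted client headers only.

    headers: mapping of header name -> value (str or list of str)
    kind: "request" or "response"
    """
    environ = os.environ if environ is None else environ
    allow_var = CLIENT_REQUEST_ENV if kind == "request" else CLIENT_RESPONSE_ENV
    allowed = _names_from_env(allow_var, environ)
    sanitize = _names_from_env(SANITIZE_ENV, environ)
    attributes = {}
    for name, value in headers.items():
        key = name.lower()  # assumption: attribute key uses the lowercased name
        if key not in allowed:
            continue  # not configured, so it is never attached to the span
        values = list(value) if isinstance(value, list) else [value]
        if key in sanitize:
            values = [REDACTED] * len(values)  # keep the count, hide the content
        attributes.setdefault(f"http.{kind}.header.{key}", []).extend(values)
    return attributes


# Constructed sample configuration and outgoing request headers.
SAMPLE_ENV = {
    CLIENT_REQUEST_ENV: "x-request-id, authorization",
    SANITIZE_ENV: "authorization,cookie",
}
SAMPLE_REQUEST_HEADERS = {
    "Authorization": "Bearer constructed-token",
    "Cookie": "session=constructed",
    "X-Request-Id": "abc123",
    "Accept": "application/json",
}

if __name__ == "__main__":
    print(capture_headers(SAMPLE_REQUEST_HEADERS, "request", SAMPLE_ENV))
```

With the sample configuration, Cookie and Accept never reach the span because they are not allowlisted, and Authorization is recorded only as a redacted value.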