From 63231257a0b62e22d699c3399043826186095832 Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Fri, 13 Oct 2023 07:46:22 -0700 Subject: [PATCH] Add cardinality warning about two opt-in HTTP metric attributes (#401) Co-authored-by: Joao Grassi --- CHANGELOG.md | 2 ++ docs/http/http-metrics.md | 6 ++++++ model/metrics/http.yaml | 6 ++++++ 3 files changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 91249c0b5d..64d9b2c8ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,8 @@ release. - Clarify that `error.type` should be the fully-qualified exception class name when it represents an exception type. ([#387](https://github.com/open-telemetry/semantic-conventions/pull/387)) +- Add cardinality warning about two opt-in HTTP metric attributes + ([#401](https://github.com/open-telemetry/semantic-conventions/pull/401)) ## v1.22.0 (2023-10-12) diff --git a/docs/http/http-metrics.md b/docs/http/http-metrics.md index 0aa1e339fe..2da82c97d6 100644 --- a/docs/http/http-metrics.md +++ b/docs/http/http-metrics.md @@ -209,6 +209,9 @@ Tracing instrumentations that do so, MUST also set `http.request.method_original SHOULD NOT be set if only IP address is available and capturing name would require a reverse DNS lookup. +Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker +to trigger cardinality limits, degrading the usefulness of the metric. + **[3]:** Determined by using the first of the following that applies - Port identifier of the [primary server host](/docs/http/http-spans.md#http-server-definitions) of the matched virtual host. 
@@ -216,6 +219,9 @@ SHOULD NOT be set if only IP address is available and capturing name would requi if it's sent in absolute-form. - Port identifier of the `Host` header +Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker +to trigger cardinality limits, degrading the usefulness of the metric. + `http.request.method` has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used. | Value | Description | diff --git a/model/metrics/http.yaml b/model/metrics/http.yaml index e9015a92d9..2596a06f08 100644 --- a/model/metrics/http.yaml +++ b/model/metrics/http.yaml @@ -52,6 +52,9 @@ groups: SHOULD NOT be set if only IP address is available and capturing name would require a reverse DNS lookup. + Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker + to trigger cardinality limits, degrading the usefulness of the metric. + - ref: server.port requirement_level: opt_in brief: > @@ -64,6 +67,9 @@ groups: if it's sent in absolute-form. - Port identifier of the `Host` header + Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker + to trigger cardinality limits, degrading the usefulness of the metric. + - id: metric.http.server.request.body.size type: metric metric_name: http.server.request.body.size
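Review bot: In both docs/http/http-metrics.md hunks the new warning names only the `Host` header as the attacker-influenced source, but the surrounding notes list a second client-supplied source for the same attributes, the request target "if it's sent in absolute-form", which is just as easy for a client to set to an arbitrary value. Suggest widening the sentence to "since this attribute may be based on the `Host` header or an absolute-form request target, ..." so the mitigation covers both inputs. It would also help readers to state the concrete effect rather than "trigger cardinality limits": a client can send a fresh value on every request, producing an unbounded number of distinct attribute values (time series) until the SDK's cardinality limit collapses them, at which point the metric stops distinguishing real hosts. A one-line recommendation that instrumentations which opt in only record the value when it matches a configured set of known virtual hosts would make the warning actionable.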
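Review bot: The two model/metrics/http.yaml hunks add text that is byte-for-byte identical to the two markdown hunks; if the attribute tables in docs/http/http-metrics.md are generated from this model, the markdown change should come from regenerating rather than hand-editing, otherwise the two copies will drift the next time the note in the model is touched. If the docs are hand-maintained, a short comment in the model note pointing at the markdown location (or vice versa) would keep the four copies in sync.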
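Review bot: The CHANGELOG.md entry says "two opt-in HTTP metric attributes" without naming them, which makes the entry hard to act on for someone scanning the release notes; the model hunk shows at least `- ref: server.port` as one of them, so name both attributes in the entry, e.g. "Add cardinality warning to the opt-in `server.port` (and server address) attributes on HTTP server metrics".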