-
Notifications
You must be signed in to change notification settings - Fork 189
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Normalizing HTTP header names is ambiguous #304
Comments
Probably we should define which one wins in this case. I'd go for the hyphen one, as the underscore one does not usually occur and could be used by a bad actor to confuse tracing. Although header names to capture are anyways configured one-by-one IIRC, so it should not be a security problem |
I would be in favor of removing this part of the normalization but I fear that ship has sailed or would at least requires a 2.0 release. |
This normalization (or rather the reversion of it) is very common, and also done by CGI and Python WSGI, so I don't think there will be a problem in practice. |
It's not too late yet, but soon will be. We will be marking HTTP semantic conventions as stable very soon. Removing the
instead of
@open-telemetry/specs-semconv-approvers do we have a reason to try to avoid dashes ( I don't see discussion/context of why we would want to do this particular part of the normalization when it was originally proposed in open-telemetry/opentelemetry-specification#1898 (comment) |
sent #369 to help attract attention and force a decision one way or another on this issue before stabilization |
HTTP Span SemConv requires to normalize HTTP header name attributes.
using lower case is fine because HTTP tells to handle header names case insensitive (HTTP/2 requires to them even lowercase).
But replacing
-
by_
seems problematic because both chars are allowed in http header names.Therefore this may result in merging/overwrite issues on instrumentation side and unclear interpretation on backend side.
The text was updated successfully, but these errors were encountered: