You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The agent captures an hard-coded list of specific HTTP request headers. Headers often include sensitive information that should not be recorded in telemetry, so we ought not record them all. Adding a configurable allow list of header names to record would allow users to selectively include headers they want the agent to record into events sent to Honeycomb.
The text was updated successfully, but these errors were encountered:
Consider having a specific allow-list. Include user-agent by default, and show that in an example and encourage folks to always have it. We can do this like the OTEL_PROPAGATORS, which defaults to tracecontext,baggage and if that environment variable is updated it must include those explicitly if they are wanted, otherwise they will be overwritten.
Since this will likely be case-sensitive, be sure to document that. We'll see if it's necessary to lowercase everything based on feedback, but to reduce performance overhead in processing headers. If we can find a low-impact way to check lowercase things, that would be ideal.
## Which problem is this PR solving?
The current list of HTTP headers that are extracted for request/response
pairs is limited to just `User-Agent`.
This PR adds a configuration option to provide a custom set of headers
that will be extracted from HTTP request/response pair. The agent looks
in the new `HTTP_HEADERS` env var for a comma separated list of headers
to extract in place of default set of headers.
- Closes#215
## Short description of the changes
- Move default headers to extract from http parser to config
- Add `HTTPHeadersToExtract` to config struct which is populated from
the default set plus any additional headers found in `HTTP_HEADERS` env
var
- Add new `LookupEnvAsStringSlice` func to utils that is used to get the
list of headers
- Update HTTP Parser to take the list of headers to extract as part of
`NewHTTPParser`
- Add unit tests to config and http parser
- Add new env var to README
## How to verify that this has the expected result
When configuring the agent, a list of additional HTTP headers can be set
and will be extracted from HTTP request/responses.
---------
Co-authored-by: Jamie Danielson <jamieedanielson@gmail.com>
Co-authored-by: Robb Kidd <robbkidd@honeycomb.io>
The agent captures an hard-coded list of specific HTTP request headers. Headers often include sensitive information that should not be recorded in telemetry, so we ought not record them all. Adding a configurable allow list of header names to record would allow users to selectively include headers they want the agent to record into events sent to Honeycomb.
The text was updated successfully, but these errors were encountered: