[Tracing] Add URI query parameter sanitization
pvaneck opened this issue · 2 comments
pvaneck commented
By default, the url.full
HTTP span attribute contains no sanitization. We should change the default to sanitize all query parameters that do not fall into some allow list.
Example: https://server:port/path/a/b/c?foo=REDACTED&bar=REDACTED&api-version=1.2.34
This "allow list" for query parameters should also be configurable by users. The HttpLoggingPolicy does have a allowed_query_params
field, but this does not appear to be getting any use. Something similar could be employed to allow user customization.
github-actions commented
Thank you for your feedback. Tagging and routing to the team member best able to assist.
github-actions commented