[Tracing] Add URI query parameter sanitization

Question

[Tracing] Add URI query parameter sanitization

pvaneck opened this issue 23 days ago · 2 comments

By default, the url.full HTTP span attribute contains no sanitization. We should change the default to sanitize all query parameters that do not fall into some allow list.

Example: https://server:port/path/a/b/c?foo=REDACTED&bar=REDACTED&api-version=1.2.34

This "allow list" for query parameters should also be configurable by users. The HttpLoggingPolicy does have a allowed_query_params field, but this does not appear to be getting any use. Something similar could be employed to allow user customization.

Answer 1 · 2024-04-25T19:06:32.000Z

Thank you for your feedback. Tagging and routing to the team member best able to assist.

Answer 2 · 2024-04-25T19:06:32.000Z

@kashifkhan @xiangyan99