Avoid propagating baggage across unsafe boundaries

[vmarchaud]

This topic was raised at some point back in days in the spec repo without clear answer, simply put we currently propagate context with whatever users are pushing into it (potentially PII).
As i'm just an end user now, i propagate PII into baggage to easily debug issues however i wouldn't want to sent that info to 3rd party that my code interact with.

I could easily suppress the tracing with our mechanism to avoid exporter loops but that would means that i wouldn't get the span too, which i want to understand the whole trace.
Since there is already a discussion in the spec, i don't think it would be a good idea to implement something in the SDK. I think the easiest would be to modify the incoming/outgoing HTTP hooks to allow to return a context instead of a boolean, which then would be used and allow user to decide whether or not to stop tracing/propagation or whatever they want.

Soliciting feedback before making a PR :)

Similar discussions across the ot org:

• Controlling context propagation boundary opentelemetry-specification#1633
• Allow restricting propagation of OpenTelemetry trace headers opentelemetry-java-instrumentation#8038
• Allow overriding propagation of tracing headers opentelemetry-java-instrumentation#8786

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days.

[github-actions]

This issue was closed because it has been stale for 14 days with no activity.