Enforced W3 specification for 'baggage' header

Author: marco-saia-datadog

packages/core/src/rum/instrumentation/resourceTracking/__tests__/headers.test.ts

@@ -0,0 +1,14 @@
+/*
+ * Unless explicitly stated otherwise all files in this repository are licensed under the Apache License Version 2.0.
+ * This product includes software developed at Datadog (https://www.datadoghq.com/).
+ * Copyright 2016-Present Datadog, Inc.
+ */
+import { isDatadogCustomHeader } from '../headers';
+
+describe('headers', () => {
+    describe('isDatadogCustomHeader', () => {
+        it('returns false for non-custom headers', () => {
+            expect(isDatadogCustomHeader('non-custom-header')).toBeFalsy();
+        });
+    });
+});

packages/core/src/rum/instrumentation/resourceTracking/distributedTracing/distributedTracing.tsx

@@ -26,14 +26,12 @@ export type DdRumResourceTracingAttributes =
           rulePsr: number;
           propagatorTypes: PropagatorType[];
           rumSessionId?: string;
-          baggageHeaders?: Set<string>;
       }
     | {
           tracingStrategy: 'DISCARD';
           traceId?: void;
           spanId?: void;
           samplingPriorityHeader: '0';
-          baggageHeaders?: Set<string>;
       };
 
 const DISCARDED_TRACE_ATTRIBUTES: DdRumResourceTracingAttributes = {

packages/core/src/rum/instrumentation/resourceTracking/distributedTracing/distributedTracingHeaders.ts

@@ -137,27 +137,15 @@ export const getTracingHeadersFromAttributes = (
                 );
             }
         }
-        if (tracingAttributes.rumSessionId) {
-            if (!tracingAttributes.baggageHeaders) {
-                tracingAttributes.baggageHeaders = new Set<string>();
-            }
-
-            tracingAttributes.baggageHeaders?.add(
-                `${DD_RUM_SESSION_ID_TAG}=${tracingAttributes.rumSessionId}`
-            );
-        }
-
-        const baggageHeader = tracingAttributes.baggageHeaders
-            ? Array.from(tracingAttributes.baggageHeaders).join(', ')
-            : null;
-        if (baggageHeader) {
-            headers.push({
-                header: BAGGAGE_HEADER_KEY,
-                value: baggageHeader
-            });
-        }
     });
 
+    if (tracingAttributes.rumSessionId) {
+        headers.push({
+            header: BAGGAGE_HEADER_KEY,
+            value: `${DD_RUM_SESSION_ID_TAG}=${tracingAttributes.rumSessionId}`
+        });
+    }
+
     return headers;
 };
 

packages/core/src/rum/instrumentation/resourceTracking/graphql/__tests__/graphqlHeaders.test.ts

@@ -4,11 +4,11 @@
  * Copyright 2016-Present Datadog, Inc.
  */
 
+import { isDatadogCustomHeader } from '../../headers';
 import {
     DATADOG_GRAPH_QL_OPERATION_NAME_HEADER,
     DATADOG_GRAPH_QL_OPERATION_TYPE_HEADER,
-    DATADOG_GRAPH_QL_VARIABLES_HEADER,
-    isDatadogCustomHeader
+    DATADOG_GRAPH_QL_VARIABLES_HEADER
 } from '../graphqlHeaders';
 
 describe('GraphQL custom headers', () => {
@@ -19,10 +19,4 @@ describe('GraphQL custom headers', () => {
     ])('%s matches the custom header pattern', header => {
         expect(isDatadogCustomHeader(header)).toBeTruthy();
     });
-
-    describe('isDatadogCustomHeader', () => {
-        it('returns false for non-custom headers', () => {
-            expect(isDatadogCustomHeader('non-custom-header')).toBeFalsy();
-        });
-    });
 });

packages/core/src/rum/instrumentation/resourceTracking/graphql/graphqlHeaders.ts

@@ -1,15 +1,10 @@
+import { DATADOG_CUSTOM_HEADER_PREFIX } from '../headers';
+
 /*
  * Unless explicitly stated otherwise all files in this repository are licensed under the Apache License Version 2.0.
  * This product includes software developed at Datadog (https://www.datadoghq.com/).
  * Copyright 2016-Present Datadog, Inc.
  */
-
-const DATADOG_CUSTOM_HEADER_PREFIX = '_dd-custom-header';
-
 export const DATADOG_GRAPH_QL_OPERATION_NAME_HEADER = `${DATADOG_CUSTOM_HEADER_PREFIX}-graph-ql-operation-name`;
 export const DATADOG_GRAPH_QL_VARIABLES_HEADER = `${DATADOG_CUSTOM_HEADER_PREFIX}-graph-ql-variables`;
 export const DATADOG_GRAPH_QL_OPERATION_TYPE_HEADER = `${DATADOG_CUSTOM_HEADER_PREFIX}-graph-ql-operation-type`;
-
-export const isDatadogCustomHeader = (header: string) => {
-    return header.match(new RegExp(`^${DATADOG_CUSTOM_HEADER_PREFIX}`));
-};

packages/core/src/rum/instrumentation/resourceTracking/headers.ts

@@ -0,0 +1,12 @@
+/*
+ * Unless explicitly stated otherwise all files in this repository are licensed under the Apache License Version 2.0.
+ * This product includes software developed at Datadog (https://www.datadoghq.com/).
+ * Copyright 2016-Present Datadog, Inc.
+ */
+
+export const DATADOG_CUSTOM_HEADER_PREFIX = '_dd-custom-header';
+export const DATADOG_BAGGAGE_HEADER = `${DATADOG_CUSTOM_HEADER_PREFIX}-baggage`;
+
+export const isDatadogCustomHeader = (header: string) => {
+    return header.match(new RegExp(`^${DATADOG_CUSTOM_HEADER_PREFIX}`));
+};

packages/core/src/rum/instrumentation/resourceTracking/requestProxy/XHRProxy/XHRProxy.ts

@@ -15,14 +15,15 @@ import { getTracingAttributes } from '../../distributedTracing/distributedTracin
 import {
     DATADOG_GRAPH_QL_OPERATION_NAME_HEADER,
     DATADOG_GRAPH_QL_OPERATION_TYPE_HEADER,
-    DATADOG_GRAPH_QL_VARIABLES_HEADER,
-    isDatadogCustomHeader
+    DATADOG_GRAPH_QL_VARIABLES_HEADER
 } from '../../graphql/graphqlHeaders';
+import { DATADOG_BAGGAGE_HEADER, isDatadogCustomHeader } from '../../headers';
 import type { RequestProxyOptions } from '../interfaces/RequestProxy';
 import { RequestProxy } from '../interfaces/RequestProxy';
 
 import type { ResourceReporter } from './DatadogRumResource/ResourceReporter';
 import { URLHostParser } from './URLHostParser';
+import { formatBaggageHeader } from './baggageHeaderUtils';
 import { calculateResponseSize } from './responseSize';
 
 const RESPONSE_START_LABEL = 'response_start';
@@ -42,6 +43,7 @@ interface DdRumXhrContext {
     reported: boolean;
     timer: Timer;
     tracingAttributes: DdRumResourceTracingAttributes;
+    baggageHeaderEntries: Set<string>;
 }
 
 interface XHRProxyProviders {
@@ -114,7 +116,8 @@ const proxyOpen = (
                 firstPartyHostsRegexMap,
                 tracingSamplingRate,
                 rumSessionId: getCachedSessionId()
-            })
+            }),
+            baggageHeaderEntries: new Set<string>()
         };
         // eslint-disable-next-line prefer-rest-params
         return originalXhrOpen.apply(this, arguments as any);
@@ -130,12 +133,22 @@ const proxySend = (providers: XHRProxyProviders): void => {
             // keep track of start time
             this._datadog_xhr.timer.start();
 
+            // Tracing Headers
             const tracingHeaders = getTracingHeadersFromAttributes(
                 this._datadog_xhr.tracingAttributes
             );
+
             tracingHeaders.forEach(({ header, value }) => {
                 this.setRequestHeader(header, value);
             });
+
+            // Join all baggage header entries
+            const baggageHeader = formatBaggageHeader(
+                this._datadog_xhr.baggageHeaderEntries
+            );
+            if (baggageHeader) {
+                this.setRequestHeader(DATADOG_BAGGAGE_HEADER, baggageHeader);
+            }
         }
 
         proxyOnReadyStateChange(this, providers);
@@ -214,30 +227,37 @@ const proxySetRequestHeader = (providers: XHRProxyProviders): void => {
         header: string,
         value: string
     ) {
-        if (isDatadogCustomHeader(header)) {
-            if (header === DATADOG_GRAPH_QL_OPERATION_NAME_HEADER) {
-                this._datadog_xhr.graphql.operationName = value;
-                return;
+        const key = header.toLowerCase();
+        if (isDatadogCustomHeader(key)) {
+            switch (key) {
+                case DATADOG_GRAPH_QL_OPERATION_NAME_HEADER:
+                    this._datadog_xhr.graphql.operationName = value;
+                    break;
+                case DATADOG_GRAPH_QL_OPERATION_TYPE_HEADER:
+                    this._datadog_xhr.graphql.operationType = value;
+                    break;
+                case DATADOG_GRAPH_QL_VARIABLES_HEADER:
+                    this._datadog_xhr.graphql.variables = value;
+                    break;
+                case DATADOG_BAGGAGE_HEADER:
+                    // Apply Baggage Header only if pre-processed by Datadog
+                    return originalXhrSetRequestHeader.apply(this, [
+                        BAGGAGE_HEADER_KEY,
+                        value
+                    ]);
+                default:
+                    return originalXhrSetRequestHeader.apply(
+                        this,
+                        // eslint-disable-next-line prefer-rest-params
+                        arguments as any
+                    );
             }
-            if (header === DATADOG_GRAPH_QL_OPERATION_TYPE_HEADER) {
-                this._datadog_xhr.graphql.operationType = value;
-                return;
-            }
-            if (header === DATADOG_GRAPH_QL_VARIABLES_HEADER) {
-                this._datadog_xhr.graphql.variables = value;
-                return;
-            }
-        }
-
-        if (header.toLowerCase() === BAGGAGE_HEADER_KEY) {
-            if (!this._datadog_xhr.tracingAttributes.baggageHeaders) {
-                this._datadog_xhr.tracingAttributes.baggageHeaders = new Set<string>();
-            }
-
-            this._datadog_xhr.tracingAttributes.baggageHeaders?.add(value);
+        } else if (key === BAGGAGE_HEADER_KEY) {
+            // Intercept User Baggage Header entries to apply them later
+            this._datadog_xhr.baggageHeaderEntries?.add(value);
+        } else {
+            // eslint-disable-next-line prefer-rest-params
+            return originalXhrSetRequestHeader.apply(this, arguments as any);
         }
-
-        // eslint-disable-next-line prefer-rest-params
-        return originalXhrSetRequestHeader.apply(this, arguments as any);
     };
 };

packages/core/src/rum/instrumentation/resourceTracking/requestProxy/XHRProxy/__tests__/XHRProxy.test.ts

@@ -882,7 +882,7 @@ describe('XHRProxy', () => {
             );
 
             const values = xhr.requestHeaders[BAGGAGE_HEADER_KEY].split(
-                ', '
+                ','
             ).sort();
 
             expect(values[0]).toBe('existing.key=existing-value');

packages/core/src/rum/instrumentation/resourceTracking/requestProxy/XHRProxy/__tests__/baggageHeaderUtils.test.ts

@@ -0,0 +1,106 @@
+import { InternalLog } from '../../../../../../InternalLog';
+import { SdkVerbosity } from '../../../../../../SdkVerbosity';
+import { formatBaggageHeader } from '../baggageHeaderUtils';
+
+describe('formatBaggageHeader', () => {
+    let logSpy: jest.SpyInstance;
+
+    beforeEach(() => {
+        logSpy = jest.spyOn(InternalLog, 'log').mockImplementation(() => {});
+    });
+
+    afterEach(() => {
+        logSpy.mockRestore();
+    });
+
+    it('should format simple key=value entries correctly', () => {
+        const entries = new Set(['userId=alice', 'isProduction=false']);
+        const result = formatBaggageHeader(entries);
+        expect(result).toBe('userId=alice,isProduction=false');
+        expect(logSpy).not.toHaveBeenCalled();
+    });
+
+    it('should percent-encode spaces and non-ASCII characters in values', () => {
+        const entries = new Set(['user=Amélie', 'region=us east']);
+        const result = formatBaggageHeader(entries);
+        expect(result).toBe('user=Am%C3%A9lie,region=us%20east');
+    });
+
+    it('should support properties with and without values', () => {
+        const entries = new Set(['traceId=abc123;sampled=true;debug']);
+        const result = formatBaggageHeader(entries);
+        expect(result).toBe('traceId=abc123;sampled=true;debug');
+    });
+
+    it('should trim whitespace around keys, values, and properties', () => {
+        const entries = new Set([' foo = bar ; p1 = one ; p2 ']);
+        const result = formatBaggageHeader(entries);
+        expect(result).toBe('foo=bar;p1=one;p2');
+    });
+
+    it('should skip invalid entries without crashing', () => {
+        const entries = new Set(['valid=ok', 'invalidEntry']);
+        const result = formatBaggageHeader(entries);
+        expect(result).toBe('valid=ok');
+        expect(logSpy).toHaveBeenCalledWith(
+            expect.stringContaining('Dropped invalid baggage header entry'),
+            SdkVerbosity.WARN
+        );
+    });
+
+    it('should skip entries with invalid key (non-token)', () => {
+        const entries = new Set(['in valid=value', 'user=ok']);
+        const result = formatBaggageHeader(entries);
+        expect(result).toBe('user=ok');
+        expect(logSpy).toHaveBeenCalledWith(
+            expect.stringContaining('key not compliant'),
+            SdkVerbosity.WARN
+        );
+    });
+
+    it('should skip invalid properties (bad property key)', () => {
+        const entries = new Set(['user=ok;invalid key=value;good=yes']);
+        const result = formatBaggageHeader(entries);
+        expect(result).toBe('user=ok;good=yes');
+        expect(logSpy).toHaveBeenCalledWith(
+            expect.stringContaining('property key not compliant'),
+            SdkVerbosity.WARN
+        );
+    });
+
+    it('should log warning when too many members (>64)', () => {
+        const entries = new Set<string>();
+        for (let i = 0; i < 70; i++) {
+            entries.add(`k${i}=v${i}`);
+        }
+        const result = formatBaggageHeader(entries);
+        expect(result?.startsWith('k0=v0')).toBe(true);
+        expect(logSpy).toHaveBeenCalledWith(
+            expect.stringContaining('Too many baggage members'),
+            SdkVerbosity.WARN
+        );
+    });
+
+    it('should log warning when header exceeds byte limit', () => {
+        const bigValue = 'x'.repeat(9000);
+        const entries = new Set([`large=${bigValue}`]);
+        const result = formatBaggageHeader(entries);
+        expect(result).toContain('large=');
+        expect(logSpy).toHaveBeenCalledWith(
+            expect.stringContaining('Baggage header too large'),
+            SdkVerbosity.WARN
+        );
+    });
+
+    it('should return null if all entries are invalid', () => {
+        const entries = new Set(['badEntry', 'stillBad']);
+        const result = formatBaggageHeader(entries);
+        expect(result).toBeNull();
+    });
+
+    it('should preserve insertion order', () => {
+        const entries = new Set(['first=1', 'second=2', 'third=3']);
+        const result = formatBaggageHeader(entries);
+        expect(result).toBe('first=1,second=2,third=3');
+    });
+});