feat(bun): Set http response header attributes instead of response context headers

Author: Lms24

packages/bun/src/integrations/bunserver.ts

@@ -207,10 +207,9 @@ function wrapRequestHandler<T extends RouteHandler = RouteHandler>(
       routeName = route;
     }
 
-    Object.assign(
-      attributes,
-      httpHeadersToSpanAttributes(request.headers.toJSON(), getClient()?.getOptions().sendDefaultPii ?? false),
-    );
+    const sendDefaultPii = getClient()?.getOptions().sendDefaultPii ?? false;
+
+    Object.assign(attributes, httpHeadersToSpanAttributes(request.headers.toJSON(), sendDefaultPii));
 
     isolationScope.setSDKProcessingMetadata({
       normalizedRequest: {
@@ -238,10 +237,12 @@ function wrapRequestHandler<T extends RouteHandler = RouteHandler>(
               const response = (await target.apply(thisArg, args)) as Response | undefined;
               if (response?.status) {
                 setHttpStatus(span, response.status);
+
                 isolationScope.setContext('response', {
-                  headers: response.headers.toJSON(),
                   status_code: response.status,
                 });
+
+                span.setAttributes(httpHeadersToSpanAttributes(response.headers.toJSON(), sendDefaultPii, 'response'));
               }
               return response;
             } catch (e) {

packages/core/src/utils/request.ts

@@ -152,15 +152,22 @@ const SENSITIVE_HEADER_SNIPPETS = [
 const PII_HEADER_SNIPPETS = ['x-forwarded-', '-user'];
 
 /**
- * Converts incoming HTTP request headers to OpenTelemetry span attributes following semantic conventions.
- * Header names are converted to the format: http.request.header.<key>
+ * Converts incoming HTTP request or response headers to OpenTelemetry span attributes following semantic conventions.
+ * Header names are converted to the format: http.<request|response>.header.<key>
  * where <key> is the header name in lowercase with dashes converted to underscores.
  *
+ * @param lifecycle - The lifecycle of the headers, either 'request' or 'response'
+ *
  * @see https://opentelemetry.io/docs/specs/semconv/registry/attributes/http/#http-request-header
+ * @see https://opentelemetry.io/docs/specs/semconv/registry/attributes/http/#http-response-header
+ *
+ * @see https://getsentry.github.io/sentry-conventions/attributes/http/#http-request-header-key
+ * @see https://getsentry.github.io/sentry-conventions/attributes/http/#http-response-header-key
  */
 export function httpHeadersToSpanAttributes(
   headers: Record<string, string | string[] | undefined>,
   sendDefaultPii: boolean = false,
+  lifecycle: 'request' | 'response' = 'request',
 ): Record<string, string> {
   const spanAttributes: Record<string, string> = {};
 
@@ -189,10 +196,17 @@ export function httpHeadersToSpanAttributes(
 
           const lowerCasedCookieKey = cookieKey.toLowerCase();
 
-          addSpanAttribute(spanAttributes, lowerCasedHeaderKey, lowerCasedCookieKey, cookieValue, sendDefaultPii);
+          addSpanAttribute(
+            spanAttributes,
+            lowerCasedHeaderKey,
+            lowerCasedCookieKey,
+            cookieValue,
+            sendDefaultPii,
+            lifecycle,
+          );
         }
       } else {
-        addSpanAttribute(spanAttributes, lowerCasedHeaderKey, '', value, sendDefaultPii);
+        addSpanAttribute(spanAttributes, lowerCasedHeaderKey, '', value, sendDefaultPii, lifecycle);
       }
     });
   } catch {
@@ -212,15 +226,15 @@ function addSpanAttribute(
   cookieKey: string,
   value: string | string[] | undefined,
   sendPii: boolean,
+  lifecycle: 'request' | 'response',
 ): void {
-  const normalizedKey = cookieKey
-    ? `http.request.header.${normalizeAttributeKey(headerKey)}.${normalizeAttributeKey(cookieKey)}`
-    : `http.request.header.${normalizeAttributeKey(headerKey)}`;
-
   const headerValue = handleHttpHeader(cookieKey || headerKey, value, sendPii);
-  if (headerValue !== undefined) {
-    spanAttributes[normalizedKey] = headerValue;
+  if (headerValue == null) {
+    return;
   }
+
+  const normalizedKey = `http.${lifecycle}.header.${normalizeAttributeKey(headerKey)}${cookieKey ? `.${normalizeAttributeKey(cookieKey)}` : ''}`;
+  spanAttributes[normalizedKey] = headerValue;
 }
 
 function handleHttpHeader(

packages/core/test/lib/utils/request.test.ts

@@ -780,6 +780,42 @@ describe('request utils', () => {
           'http.request.header.x_saml_token': '[Filtered]',
         });
       });
+
+      it('returns response header attributes if `lifecycle` is "response"', () => {
+        const headers = {
+          Host: 'example.com',
+          'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
+          Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+          'Accept-Language': 'en-US,en;q=0.5',
+          'Accept-Encoding': 'gzip, deflate',
+          Connection: 'keep-alive',
+          'Upgrade-Insecure-Requests': '1',
+          'Cache-Control': 'no-cache',
+          'X-Forwarded-For': '192.168.1.1',
+          Authorization: '[Filtered]',
+          'x-bearer-token': 'bearer',
+          'x-sso-token': 'sso',
+          'x-saml-token': 'saml',
+        };
+
+        const result = httpHeadersToSpanAttributes(headers, false, 'response');
+
+        expect(result).toEqual({
+          'http.response.header.host': 'example.com',
+          'http.response.header.user_agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
+          'http.response.header.accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+          'http.response.header.accept_language': 'en-US,en;q=0.5',
+          'http.response.header.accept_encoding': 'gzip, deflate',
+          'http.response.header.connection': 'keep-alive',
+          'http.response.header.upgrade_insecure_requests': '1',
+          'http.response.header.cache_control': 'no-cache',
+          'http.response.header.x_forwarded_for': '[Filtered]',
+          'http.response.header.authorization': '[Filtered]',
+          'http.response.header.x_bearer_token': '[Filtered]',
+          'http.response.header.x_saml_token': '[Filtered]',
+          'http.response.header.x_sso_token': '[Filtered]',
+        });
+      });
     });
   });
 });