How to set `credentials: include`? If it cannot be done, please add an option to include Cookies for the Exporters.

[yaohongkok]

Background

Discussed in https://github.com/open-telemetry/opentelemetry-js/discussions/4807

^{Originally posted by yaohongkok June 18, 2024} I have a Collector running on b.example.com. CORS is enabled on my Collector, and a custom authenticator reads cookies from the request headers.

My frontend JavaScript app, hosted on a.example.com, uses OpenTelemetry JS to send observability data (logs, metrics, or traces) to the Collector at b.example.com. An authentication token (SameSite: None & Secure) is stored as a cookie on a.example.com and is valid for .example.com.

When I send observability data using OpenTelemetry JS to the Collector (b.example.com), the cookies from a.example.com are not attached to the request by the browser. Various sources suggest the need to use credentials: include in the fetch or XMLHttpRequest.

Upon reviewing the source code, it appears there is no straightforward way to include the credentials: include or xhr.withCredentials = true option in the OTLP Exporters (in OpenTelemetry JS). Can someone guide me on how to achieve this using OpenTelemetry JS?

If I am missing something, please let me know.

Additional Details

Based on my research, I believe the exporter sends the observability data using the sendWithXhr function:

https://github.com/open-telemetry/opentelemetry-js/blob/cdd5284dc375ba30168cd98a2ec943f2b807977e/experimental/packages/otlp-exporter-base/src/platform/browser/util.ts#L60

From my understanding of the code, it seems like there is no easy way to add the withCredentials property. If this is indeed the case, may I recommend adding this as an enhancement request?