Should OTEL_EXPORTER_OTLP_HEADERS contain CGI escaped values?

[arielvalentin]

We are trying to use the OTEL_EXPORTER_OTLP_HEADERS to configure the SDK with custom authentication token headers and we found that the stringToHeader function is CGI unescaping the values, which requires us to CGI escape the keys and values:

https://github.com/open-telemetry/opentelemetry-go/blob/main/exporters/otlp/otlptrace/internal/otlpconfig/envconfig.go#L180

name, err := url.QueryUnescape(nameValue[0])
if err != nil {
	continue
}
trimmedName := strings.TrimSpace(name)
value, err := url.QueryUnescape(nameValue[1])
if err != nil {
	continue
}

However, after reviewing the Specification it looks like there is not an explicit requirement for the values to be CGI escaped:

Specifying headers via environment variables

The OTEL_EXPORTER_OTLP_HEADERS, OTEL_EXPORTER_OTLP_TRACES_HEADERS, OTEL_EXPORTER_OTLP_METRICS_HEADERS environment variables will contain a list of key value pairs, and these are expected to be represented in a format matching to the W3C Correlation-Context, except that additional semi-colon delimited metadata is not supported, i.e.: key1=value1,key2=value2. All attribute values MUST be considered strings.

As far as I can tell I do not see any explicit guidance in the header format that states the keys and values should be CGI escaped:

https://github.com/w3c/baggage/blob/main/baggage/HTTP_HEADER_FORMAT.md

Is there something I am misunderstanding here? Is there a requirement for the environment variables to have CGI Escaped Keys and Values?

cc: @open-telemetry/ruby-approvers

[MrAlias]

This looks like a bug. I'm going to convert this to an issue to track the work.

[MrAlias]

#2110