Add `tracePropagationTargets` to Node

[smeubank]

Problem statement:

There is currently no way for Node developers to control to which outgoing requests tracing headers are propagated.

Why is this a problem?

• Currently, the Node SDK will send DSC to any outgoing requests including potential PII
• There is currently no config available to block sending information to 3rd parties
• It is also an issue when 3rd parties also use Sentry - Stripe example - and they will treat it as their DSC and can negatively influence DS decisions

How does it work in the Browser SDK?

• tracingOrigins is an array of domains where we can send tracing headers for outgoing requests
• On a request, if the request-target matches an item from the array, it will create a span and add tracing
• A suggestion:
  • separate these 2 (span and instrumenting)
  • that would be a non-breaking change

How to fix?

Currently, we have the tracingOrigins option implemented in the JS browser SDK, and some other SDKs like Java and Android. It has been agreed that another option (tracePropagationTargets) will be included as part of standard features for all Sentry SDK(s). The tracePropagationTargets should also at some point supersede the deprecated tracingOrigins in the Browser SDK.

The desired behavior of tracePropagationTargets in the Node SDK:

• By default, all outgoing requests are instrumented with trace data.
• If a tracePropagationTargets option is provided by the user, only requests with URLs that match an item in the array will have trace data attached.

Further information:

• (DEV-DOCS) Control Sending Trace Data develop#636
• Internal Notion doc with decisions for reference