fix: Address PR review comments for strict trace continuation

- Remove duplicated org ID check in PropagationContext.fromHeaders, pass
  options through to the single-check overload instead
- Add debug log when trace is not continued in the SentryTraceHeader overload
- Handle empty/blank org ID strings in shouldContinueTrace to avoid
  silently breaking traces
- Update OtelSentrySpanProcessor to use PropagationContext.fromHeaders
  with options for org_id validation
- Rename ExternalOptions property key to enable-strict-trace-continuation
  (matching the enable- prefix convention for newer options)
- Update ExternalOptionsTest to use the new property key
- Add strict-trace-continuation and org-id properties to all 3 Spring
  Boot SentryAutoConfigurationTest modules
- Improve CHANGELOG entry with detailed customer-facing descriptions
  and configuration examples for all options

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: giortzisg

CHANGELOG.md

@@ -6,8 +6,8 @@
 
 - Prevent cross-organization trace continuation ([#5136](https://github.com/getsentry/sentry-java/pull/5136))
   - By default, the SDK now extracts the organization ID from the DSN (e.g. `o123.ingest.sentry.io`) and compares it with the `sentry-org_id` value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
-  - New option `strictTraceContinuation` (default `false`): when enabled, both the SDK's org ID **and** the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected.
-  - New option `orgId`: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code, `sentry.properties` (`org-id`), or Android manifest (`io.sentry.org-id`).
+  - New option `enableStrictTraceContinuation` (default `false`): when enabled, both the SDK's org ID **and** the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (`setStrictTraceContinuation(true)`), `sentry.properties` (`enable-strict-trace-continuation=true`), Android manifest (`io.sentry.strict-trace-continuation`), or Spring Boot (`sentry.strict-trace-continuation=true`).
+  - New option `orgId`: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (`setOrgId("123")`), `sentry.properties` (`org-id=123`), Android manifest (`io.sentry.org-id`), or Spring Boot (`sentry.org-id=123`).
 
 ## 8.34.1
 

sentry-opentelemetry/sentry-opentelemetry-core/src/main/java/io/sentry/opentelemetry/OtelSentrySpanProcessor.java

@@ -22,6 +22,7 @@
 import io.sentry.SentryEvent;
 import io.sentry.SentryLevel;
 import io.sentry.SentryLongDate;
+import io.sentry.SentryOptions;
 import io.sentry.SentryTraceHeader;
 import io.sentry.SpanId;
 import io.sentry.TracesSamplingDecision;
@@ -94,9 +95,16 @@ public void onStart(final @NotNull Context parentContext, final @NotNull ReadWri
         }
       }
 
-      final @NotNull PropagationContext propagationContext =
-          new PropagationContext(
-              new SentryId(traceId), sentrySpanId, sentryParentSpanId, baggage, sampled);
+      final @NotNull SentryOptions sentryOptions = scopes.getOptions();
+      final @NotNull PropagationContext propagationContext;
+      if (sentryTraceHeader != null) {
+        propagationContext =
+            PropagationContext.fromHeaders(sentryTraceHeader, baggage, sentrySpanId, sentryOptions);
+      } else {
+        propagationContext =
+            new PropagationContext(
+                new SentryId(traceId), sentrySpanId, sentryParentSpanId, baggage, sampled);
+      }
 
       baggage = propagationContext.getBaggage();
       baggage.setValuesFromSamplingDecision(samplingDecision);

sentry-spring-boot-4/src/test/kotlin/io/sentry/spring/boot4/SentryAutoConfigurationTest.kt

@@ -242,6 +242,8 @@ class SentryAutoConfigurationTest {
         "sentry.cron.default-failure-issue-threshold=40",
         "sentry.cron.default-recovery-threshold=50",
         "sentry.logs.enabled=true",
+        "sentry.strict-trace-continuation=true",
+        "sentry.org-id=12345",
       )
       .run {
         val options = it.getBean(SentryProperties::class.java)
@@ -296,6 +298,8 @@ class SentryAutoConfigurationTest {
         assertThat(options.cron!!.defaultFailureIssueThreshold).isEqualTo(40L)
         assertThat(options.cron!!.defaultRecoveryThreshold).isEqualTo(50L)
         assertThat(options.logs.isEnabled).isEqualTo(true)
+        assertThat(options.isStrictTraceContinuation).isEqualTo(true)
+        assertThat(options.orgId).isEqualTo("12345")
       }
   }
 

sentry-spring-boot-jakarta/src/test/kotlin/io/sentry/spring/boot/jakarta/SentryAutoConfigurationTest.kt

@@ -249,6 +249,8 @@ class SentryAutoConfigurationTest {
         "sentry.profile-session-sample-rate=1.0",
         "sentry.profiling-traces-dir-path=tmp/sentry/profiling-traces",
         "sentry.profile-lifecycle=TRACE",
+        "sentry.strict-trace-continuation=true",
+        "sentry.org-id=12345",
       )
       .run {
         val options = it.getBean(SentryProperties::class.java)
@@ -307,6 +309,8 @@ class SentryAutoConfigurationTest {
         assertThat(options.profilingTracesDirPath)
           .startsWith(File("tmp/sentry/profiling-traces").absolutePath)
         assertThat(options.profileLifecycle).isEqualTo(ProfileLifecycle.TRACE)
+        assertThat(options.isStrictTraceContinuation).isEqualTo(true)
+        assertThat(options.orgId).isEqualTo("12345")
       }
   }
 

sentry-spring-boot/src/test/kotlin/io/sentry/spring/boot/SentryAutoConfigurationTest.kt

@@ -247,6 +247,8 @@ class SentryAutoConfigurationTest {
         "sentry.profile-session-sample-rate=1.0",
         "sentry.profiling-traces-dir-path=tmp/sentry/profiling-traces",
         "sentry.profile-lifecycle=TRACE",
+        "sentry.strict-trace-continuation=true",
+        "sentry.org-id=12345",
       )
       .run {
         val options = it.getBean(SentryProperties::class.java)
@@ -305,6 +307,8 @@ class SentryAutoConfigurationTest {
         assertThat(options.profilingTracesDirPath)
           .startsWith(File("tmp/sentry/profiling-traces").absolutePath)
         assertThat(options.profileLifecycle).isEqualTo(ProfileLifecycle.TRACE)
+        assertThat(options.isStrictTraceContinuation).isEqualTo(true)
+        assertThat(options.orgId).isEqualTo("12345")
       }
   }
 

sentry/src/main/java/io/sentry/ExternalOptions.java

@@ -222,7 +222,7 @@ public final class ExternalOptions {
     }
 
     options.setStrictTraceContinuation(
-        propertiesProvider.getBooleanProperty("strict-trace-continuation"));
+        propertiesProvider.getBooleanProperty("enable-strict-trace-continuation"));
     options.setOrgId(propertiesProvider.getProperty("org-id"));
 
     options.setEnableSpotlight(propertiesProvider.getBooleanProperty("enable-spotlight"));

sentry/src/main/java/io/sentry/PropagationContext.java

@@ -33,12 +33,7 @@ public static PropagationContext fromHeaders(
       final @NotNull SentryTraceHeader traceHeader = new SentryTraceHeader(sentryTraceHeaderString);
       final @NotNull Baggage baggage = Baggage.fromHeader(baggageHeaderStrings, logger);
 
-      if (options != null && !shouldContinueTrace(options, baggage)) {
-        logger.log(SentryLevel.DEBUG, "Not continuing trace due to org ID mismatch.");
-        return new PropagationContext();
-      }
-
-      return fromHeaders(traceHeader, baggage, null, null);
+      return fromHeaders(traceHeader, baggage, null, options);
     } catch (InvalidSentryTraceHeaderException e) {
       logger.log(SentryLevel.DEBUG, e, "Failed to parse Sentry trace header: %s", e.getMessage());
       return new PropagationContext();
@@ -51,6 +46,9 @@ public static PropagationContext fromHeaders(
       final @Nullable SpanId spanId,
       final @Nullable SentryOptions options) {
     if (options != null && !shouldContinueTrace(options, baggage)) {
+      options
+          .getLogger()
+          .log(SentryLevel.DEBUG, "Not continuing trace due to org ID mismatch.");
       return new PropagationContext();
     }
 
@@ -165,8 +163,14 @@ public void setSampled(final @Nullable Boolean sampled) {
 
   static boolean shouldContinueTrace(
       final @NotNull SentryOptions options, final @Nullable Baggage baggage) {
-    final @Nullable String sdkOrgId = options.getEffectiveOrgId();
-    final @Nullable String baggageOrgId = baggage != null ? baggage.getOrgId() : null;
+    final @Nullable String rawSdkOrgId = options.getEffectiveOrgId();
+    final @Nullable String sdkOrgId =
+        (rawSdkOrgId != null && !rawSdkOrgId.trim().isEmpty()) ? rawSdkOrgId.trim() : null;
+    final @Nullable String rawBaggageOrgId = baggage != null ? baggage.getOrgId() : null;
+    final @Nullable String baggageOrgId =
+        (rawBaggageOrgId != null && !rawBaggageOrgId.trim().isEmpty())
+            ? rawBaggageOrgId.trim()
+            : null;
 
     // Mismatched org IDs always reject regardless of strict mode
     if (sdkOrgId != null && baggageOrgId != null && !sdkOrgId.equals(baggageOrgId)) {

sentry/src/test/java/io/sentry/ExternalOptionsTest.kt

@@ -451,14 +451,14 @@ class ExternalOptionsTest {
 
   @Test
   fun `creates options with strictTraceContinuation set to true`() {
-    withPropertiesFile("strict-trace-continuation=true") { options ->
+    withPropertiesFile("enable-strict-trace-continuation=true") { options ->
       assertTrue(options.isStrictTraceContinuation == true)
     }
   }
 
   @Test
   fun `creates options with strictTraceContinuation set to false`() {
-    withPropertiesFile("strict-trace-continuation=false") { options ->
+    withPropertiesFile("enable-strict-trace-continuation=false") { options ->
       assertTrue(options.isStrictTraceContinuation == false)
     }
   }