From e1dbbb245db84d9c0a38f53a896e6cb8050fa5e0 Mon Sep 17 00:00:00 2001
From: Martin Othamar <martin.othamar@digdir.no>
Date: Wed, 28 Jan 2026 13:30:00 +0100
Subject: [PATCH] fix: pdf base64 encode tracestate header

---
 .../Infrastructure/Clients/Pdf/PdfGeneratorClient.cs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/Altinn.App.Core/Infrastructure/Clients/Pdf/PdfGeneratorClient.cs b/src/Altinn.App.Core/Infrastructure/Clients/Pdf/PdfGeneratorClient.cs
index b525d17c23..6013aa832f 100644
--- a/src/Altinn.App.Core/Infrastructure/Clients/Pdf/PdfGeneratorClient.cs
+++ b/src/Altinn.App.Core/Infrastructure/Clients/Pdf/PdfGeneratorClient.cs
@@ -104,11 +104,21 @@ public async Task<Stream> GeneratePdf(Uri uri, string? footerContent, Cancellati
                     if (k != "traceparent" && k != "tracestate")
                         _logger.LogWarning("Unexpected key '{Key}' when propagating trace context (expected W3C)", k);
 
+                    var value = v;
+                    if (k == "tracestate")
+                    {
+                        // tracestate will contain e.g. baggage which are arbitrary keyvalue pairs example kv: "dd=s:1;o:rum".
+                        // values can contain semicolon which is not allowed in cookie values
+                        // so we base64 encode the entire value to be safe
+                        // Frontend accounts for this when passing it back when on the PDF page
+                        value = Convert.ToBase64String(Encoding.UTF8.GetBytes(v));
+                    }
+
                     c.Add(
                         new PdfGeneratorCookieOptions
                         {
                             Name = $"altinn-telemetry-{k}",
-                            Value = v,
+                            Value = value,
                             Domain = uri.Host,
                         }
                     );