pr feedback

Author: inventarSarah

docs/platforms/javascript/common/troubleshooting/index.mdx

@@ -97,9 +97,6 @@ Most community CDNs properly set an `Access-Control-Allow-Origin` header.
 
 <Expandable permalink title="Configure CSP for Client-side `fetch` Instrumentation">
 
-<Alert>
-    Only relevant for SvelteKit versions below `@sveltejs/[email protected]`
-</Alert>
 If you're using a SvelteKit version older than `sveltejs/[email protected]`, the Sentry SDK injects an inline `<script>` tag into the HTML response of the server.
 This script proxies all client-side `fetch` calls so that `fetch` calls inside your `load` functions are captured by the SDK.
 However, if you configured CSP rules to block inline fetch scripts by default, this script will be [blocked by the browser](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script).
@@ -110,7 +107,7 @@ You have multiple options to solve this CSP issue:
 
 The easiest option is to update `@sveltejs/kit` to at least version `2.16.0` (or newer). The SDK will not inject the fetch proxy script as it's no longer necessary.
 
-#### Option 2: Add Script Hash to CSP policy
+#### Option 2: Add Script Hash to CSP Policy
 
 To enable the script, add an exception for the `sentryHandle` script by adding the hash of the script to your CSP script source rules.
 
@@ -139,7 +136,7 @@ For external CSP configurations, add the following hash to your `script-src` dir
   consistent.
 </Alert>
 
-#### Option 3: Disable `fetch` Proxy Script
+#### Option 3: Disable the `fetch` Proxy Script
 
 If you don't want to inject the script responsible for instrumenting client-side `fetch` calls, you can disable injection by passing `injectFetchProxyScript: false` to `sentryHandle`:
 

docs/platforms/javascript/guides/sveltekit/manual-setup.mdx

@@ -147,7 +147,7 @@ export default defineConfig({
 
 ## Step 3: Add Readable Stack Traces With Source Maps (Optional)
 
-To upload source maps for clear error stack traces, add your Sentry auth token, organization, and project slug in your `vite.config.(js|ts)` file:
+To upload source maps for clear error stack traces, create an environment variable for your auth token and add your Sentry organization, and project slug in your `vite.config.(js|ts)` file:
 
 ```javascript {filename:vite.config.(js|ts)} {6-10}
 import { sveltekit } from "@sveltejs/kit/vite";
@@ -159,7 +159,7 @@ export default {
       sourceMapsUploadOptions: {
         org: "___ORG_SLUG___",
         project: "___PROJECT_SLUG___",
-        authToken: "___ORG_AUTH_TOKEN___",
+        authToken: process.env.SENTRY_AUTH_TOKEN,
       },
     }),
     sveltekit(),
@@ -168,6 +168,14 @@ export default {
 };
 ```
 
+To keep your auth token secure, always store it in an environment variable instead of directly in your files:
+
+<OrgAuthTokenNote />
+
+```bash {filename:.env}
+SENTRY_AUTH_TOKEN=___ORG_AUTH_TOKEN___
+```
+
 ### Override Adapter Detection
 
 `sentrySvelteKit` tries to auto-detect your SvelteKit adapter to configure source maps upload correctly. If you're using an unsupported adapter or the wrong one is detected, set it using the `adapter` option:
@@ -187,7 +195,7 @@ export default {
 };
 ```
 
-## Step 3: Optional Configuration
+## Step 4: Optional Configuration
 
 The points explain additional optional configuration or more in-depth customization of your Sentry SvelteKit SDK setup.
 
@@ -302,16 +310,16 @@ export const GET = wrapServerRouteWithSentry(async () => {
 });
 ```
 
-## Step 4: Cloudflare Pages Configuration (Optional)
+## Step 5: Cloudflare Pages Configuration (Optional)
 
 If you're deploying your application to Cloudflare Pages, you need to adjust your server-side setup.
 Follow this guide to [configure Sentry for Cloudflare](/platforms/javascript/guides/cloudflare/frameworks/sveltekit/).
 
-## Step 5: Avoid Ad Blockers With Tunneling (Optional)
+## Step 6: Avoid Ad Blockers With Tunneling (Optional)
 
 <PlatformContent includePath="getting-started-tunneling" />
 
-## Step 6: Verify Your Setup
+## Step 7: Verify Your Setup
 
 Let's test your setup and confirm that Sentry is working correctly and sending data to your Sentry project.
 

platform-includes/sourcemaps/upload/primer/javascript.sveltekit.mdx

@@ -9,6 +9,8 @@ There are two ways to set them:
 
 You can set all values as environment variables, for example, in a `.env` file:
 
+<OrgAuthTokenNote />
+
 ```bash {filename: .env}
 # DO NOT commit this file to your repo. The auth token is a secret.
 SENTRY_AUTH_TOKEN=___ORG_AUTH_TOKEN___
@@ -23,8 +25,6 @@ SENTRY_URL="https://your-sentry-instance.com"
 
 You can also set your org and project slugs by passing a `sourceMapsUploadOptions` object to `sentrySvelteKit`, as seen in the example below. For a full list of available options, see the [Sentry Vite Plugin documentation](https://www.npmjs.com/package/@sentry/vite-plugin#options).
 
-<OrgAuthTokenNote />
-
 ```javascript {filename:vite.config.(js|ts)} {6-12}
 import { sveltekit } from "@sveltejs/kit/vite";
 import { sentrySvelteKit } from "@sentry/sveltekit";
@@ -35,7 +35,7 @@ export default {
       sourceMapsUploadOptions: {
         org: "___ORG_SLUG___",
         project: "___PROJECT_SLUG___",
-        authToken: "process.env.SENTRY_AUTH_TOKEN",
+        authToken: process.env.SENTRY_AUTH_TOKEN,
         // If you're self-hosting Sentry, also add your instance URL:
         // url: "https://your-self-hosted-sentry.com/",
       },
@@ -46,10 +46,14 @@ export default {
 };
 ```
 
-<Alert level="warning" title="Important">
-  To keep your auth token secure, always store it in an environment variable
-  instead of directly in your files.
-</Alert>
+To keep your auth token secure, always store it in an environment variable instead of directly in your files:
+
+<OrgAuthTokenNote />
+
+```bash {filename:.env}
+SENTRY_AUTH_TOKEN=___ORG_AUTH_TOKEN___
+```
+
 ### Override SvelteKit Adapter Detection
 
 By default, `sentrySvelteKit` will try to detect your SvelteKit adapter to configure the source maps upload correctly. If you're not using one of the [supported adapters](/platforms/javascript/guides/sveltekit) or the wrong one is detected, you can override the adapter detection by passing the `adapter` option to `sentrySvelteKit`: