Merge branch 'master' into lcian/feat/axum-docs

lcian · lcian · commit 5e6b9a6f170c · 2025-07-07T17:34:43.000+02:00
diff --git a/.github/workflows/lint-404s.yml b/.github/workflows/lint-404s.yml
@@ -32,8 +32,13 @@ jobs:
       - uses: actions/cache@v4
         id: cache
         with:
-          path: ${{ github.workspace }}/node_modules
+          path: |
+            ${{ github.workspace }}/node_modules
+            ${{ github.workspace }}/.next/cache
+            ${{ github.workspace }}/.eslintcache
           key: node-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            node-${{ runner.os }}-
 
       - run: yarn install --frozen-lockfile
         if: steps.cache.outputs.cache-hit != 'true'
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -29,18 +29,23 @@ jobs:
       - uses: actions/cache@v4
         id: cache
         with:
-          path: ${{ github.workspace }}/node_modules
+          path: |
+            ${{ github.workspace }}/node_modules
+            ${{ github.workspace }}/.next/cache
+            ${{ github.workspace }}/.eslintcache
           key: node-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            node-${{ runner.os }}-
+
       - run: yarn install --frozen-lockfile
         if: steps.cache.outputs.cache-hit != 'true'
 
       # Additional checks
       - run: yarn lint:ts
-      - run: yarn lint:docs
 
       # Run automatic fixes (run prettier apart from eslint to also fix mdx files)
       - run: yarn lint:prettier:fix
-      - run: yarn lint:eslint:fix
+      - run: yarn lint:eslint:fix --cache
 
       # Check (and error) for dirty working tree for forks
       # Reason being we need a different token to auto commit changes and
@@ -69,8 +74,14 @@ jobs:
       - uses: actions/cache@v4
         id: cache
         with:
-          path: ${{ github.workspace }}/node_modules
+          path: |
+            ${{ github.workspace }}/node_modules
+            ${{ github.workspace }}/.next/cache
+            ${{ github.workspace }}/.eslintcache
           key: node-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            node-${{ runner.os }}-
+
       - run: yarn install --frozen-lockfile
         if: steps.cache.outputs.cache-hit != 'true'
       - name: Run Tests
diff --git a/bin/lint-docs.ts b/bin/lint-docs.ts
diff --git a/docs/platforms/android/enriching-events/attachments/index.mdx b/docs/platforms/android/enriching-events/attachments/index.mdx
@@ -31,6 +31,8 @@ The type of content stored in this attachment. Any [MIME type](https://www.iana.
 
 The specific media content type that determines how the attachment is rendered in the Sentry UI. We currently support and can render the following MIME types:
 
+
+
 - `text/plain`
 - `text/css`
 - `text/csv`
@@ -40,6 +42,10 @@ The specific media content type that determines how the attachment is rendered i
 - `image/jpeg`
 - `image/png`
 - `image/gif`
+- `image/webp`
+- `image/avif`
+- `video/webm`
+- `video/mp4`
 
 ## Uploading Attachments
 
diff --git a/docs/platforms/android/session-replay/privacy/index.mdx b/docs/platforms/android/session-replay/privacy/index.mdx
@@ -5,10 +5,9 @@ notSupported:
 description: "Learn how to mask parts of your app's data in Session Replay."
 ---
 
-<Alert>
-
-Using custom masking in your Session Replays may accidentally expose sensitive customer data. Before publishing an App with Session Replay enabled, make sure to test it thoroughly to ensure that no sensitive data is exposed.
+<Alert level="warning">
 
+Before enabling Session Replay in production, verify your masking configuration to ensure no sensitive data is captured. Our default settings aggressively mask potentially sensitive data, but if you modify these settings, you must thoroughly test your application. If you find any masking issues or sensitive data that should be masked but isn't, please [create a GitHub issue](https://github.com/getsentry/sentry-java/issues/new/choose) and avoid deploying to production with Session Replay enabled until the issue is resolved.
 
 </Alert>
 
diff --git a/docs/platforms/apple/common/enriching-events/attachments/index.mdx b/docs/platforms/apple/common/enriching-events/attachments/index.mdx
@@ -40,6 +40,10 @@ The specific media content type that determines how the attachment is rendered i
 - `image/jpeg`
 - `image/png`
 - `image/gif`
+- `image/webp`
+- `image/avif`
+- `video/webm`
+- `video/mp4`
 
 ## Uploading Attachments
 
diff --git a/docs/platforms/apple/guides/ios/session-replay/index.mdx b/docs/platforms/apple/guides/ios/session-replay/index.mdx
@@ -6,6 +6,12 @@ notSupported:
 description: "Learn how to enable Session Replay in your mobile app."
 ---
 
+<Alert level="warning">
+
+Before enabling Session Replay in production, verify your masking configuration to ensure no sensitive data is captured. Our default settings aggressively mask potentially sensitive data, but if you modify these settings or update UI frameworks or system SDKs, you must thoroughly test your application. If you find any masking issues or sensitive data that should be masked but isn't, please [create a GitHub issue](https://github.com/getsentry/sentry-cocoa/issues/new/choose) and avoid deploying to production with Session Replay enabled until the issue is resolved.
+
+</Alert>
+
 [Session Replay](/product/explore/session-replay/) helps you get to the root cause of an error or latency issue faster by providing you with a reproduction of what was happening in the user's device before, during, and after the issue. You can rewind and replay your application's state and see key user interactions, like taps, swipes, network requests, and console entries, in a single UI.
 
 By default, our Session Replay SDK masks all text content, images, and user input, giving you heightened confidence that no sensitive data will leave the device. To learn more, see [product docs](/product/explore/session-replay/).
diff --git a/docs/platforms/dart/common/enriching-events/attachments/index.mdx b/docs/platforms/dart/common/enriching-events/attachments/index.mdx
@@ -40,6 +40,10 @@ The specific media content type that determines how the attachment is rendered i
 - `image/jpeg`
 - `image/png`
 - `image/gif`
+- `image/webp`
+- `image/avif`
+- `video/webm`
+- `video/mp4`
 
 ## Uploading Attachments
 
diff --git a/docs/platforms/dart/guides/flutter/session-replay/privacy.mdx b/docs/platforms/dart/guides/flutter/session-replay/privacy.mdx
@@ -5,4 +5,10 @@ notSupported:
 description: "Learn about the privacy-oriented settings for Session Replay."
 ---
 
+<Alert level="warning">
+
+Before enabling Session Replay in production, verify your masking configuration to ensure no sensitive data is captured. Our default settings aggressively mask potentially sensitive data, but if you modify these settings or update UI frameworks or system SDKs, you must thoroughly test your application. If you find any masking issues or sensitive data that should be masked but isn't, please [create a GitHub issue](https://github.com/getsentry/sentry-dart/issues/new/choose) and avoid deploying to production with Session Replay enabled until the issue is resolved.
+
+</Alert>
+
 <PlatformContent includePath="replay/privacy-configuration" />
diff --git a/docs/platforms/dotnet/common/enriching-events/attachments/index.mdx b/docs/platforms/dotnet/common/enriching-events/attachments/index.mdx
@@ -46,6 +46,10 @@ The specific media content type that determines how the attachment is rendered i
 - `image/jpeg`
 - `image/png`
 - `image/gif`
+- `image/webp`
+- `image/avif`
+- `video/webm`
+- `video/mp4`
 
 ## Uploading Attachments
 
diff --git a/docs/platforms/java/common/enriching-events/attachments/index.mdx b/docs/platforms/java/common/enriching-events/attachments/index.mdx
@@ -40,6 +40,10 @@ The specific media content type that determines how the attachment is rendered i
 - `image/jpeg`
 - `image/png`
 - `image/gif`
+- `image/webp`
+- `image/avif`
+- `video/webm`
+- `video/mp4`
 
 ## Uploading Attachments
 
diff --git a/docs/platforms/javascript/common/session-replay/privacy.mdx b/docs/platforms/javascript/common/session-replay/privacy.mdx
@@ -24,6 +24,12 @@ customCanonicalTag: "/platforms/javascript/session-replay/privacy/"
 
 <Include name="session-replay-web-report-bug.mdx" />
 
+<Alert level="warning">
+
+Before enabling Session Replay in production, verify your masking configuration to ensure no sensitive data is captured. Our default settings aggressively mask potentially sensitive data, but if you modify these settings or update UI frameworks or system SDKs, you must thoroughly test your application. If you find any masking issues or sensitive data that should be masked but isn't, please [create a GitHub issue](https://github.com/getsentry/sentry-javascript/issues/new/choose) and avoid deploying to production with Session Replay enabled until the issue is resolved.
+
+</Alert>
+
 There are several ways to deal with personally identifiable information (PII). By default, the Session Replay SDK will mask all text content with `*` and block all media elements (`img`, `svg`, `video`, `object`, `picture`, `embed`, `map`, `audio`) on the client, before it is sent to the server. This can be disabled by setting `maskAllText` to `false`. It's also possible to add the following CSS classes to specific DOM elements to prevent recording their contents: `sentry-block`, `sentry-ignore`, and `sentry-mask`. The following sections will show examples of how content is handled by the differing methods.
 
 ## Masking
diff --git a/docs/platforms/javascript/common/tracing/distributed-tracing/dealing-with-cors-issues/index.mdx b/docs/platforms/javascript/common/tracing/distributed-tracing/dealing-with-cors-issues/index.mdx
@@ -16,8 +16,53 @@ notSupported:
   - javascript.nestjs
 ---
 
-If your frontend and backend are hosted on different domains (for example, your frontend is on `https://example.com` and your backend is on `https://api.example.com`), and the frontend does XHR/fetch requests to your backend, you'll need to configure your backend [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) headers to ensure requests aren't blocked.
+If your frontend and backend are hosted on different domains (for example, your frontend is on `https://example.com` and your backend is on `https://api.example.com`), you need to configure your backend [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) headers to prevent requests from being blocked by the browser.
 
-Configure your backend CORS to allow the `sentry-trace` and `baggage` headers.
+## Understanding Trace Propagation
 
-Your server's response header configuration might look like: `"Access-Control-Allow-Headers: sentry-trace, baggage"`. Your configuration will be specific to your setup.
+Sentry doesn't attach the `sentry-trace` and `baggage` headers to every outgoing request. Instead, it only attaches these headers to requests whose URLs match the patterns specified in the `tracePropagationTargets` configuration option.
+
+By default, `tracePropagationTargets` is set to `['localhost', /^\//]`, which means trace headers are only attached to:
+- Requests containing `localhost` in their URL (e.g., `http://localhost:3000/api`)
+- Requests whose URL starts with `/` (e.g., `/api/users`, `/graphql`)
+
+This default behavior helps prevent sending trace data to third-party services and avoids potential CORS issues.
+
+## Configuring Trace Propagation
+
+To enable distributed tracing across different domains, you need to configure `tracePropagationTargets` to include the URLs of your backend services:
+
+```javascript
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  integrations: [Sentry.browserTracingIntegration()],
+  tracePropagationTargets: [
+    "localhost",           // For local development
+    /^\/api\//,           // For same-origin API calls
+    "https://api.example.com", // For your backend domain
+    "https://auth.example.com" // For additional services
+  ],
+});
+```
+
+## Configuring CORS Headers
+
+Once you've configured `tracePropagationTargets` to include your backend domains, you need to configure your backend to allow the trace headers:
+
+```
+Access-Control-Allow-Headers: sentry-trace, baggage
+```
+
+Your server's exact configuration will depend on your setup, but the important part is allowing both the `sentry-trace` and `baggage` headers.
+
+## Disabling Trace Propagation
+
+If you want to disable distributed tracing entirely and ensure no trace headers are sent:
+
+```javascript
+Sentry.init({
+  dsn: "___PUBLIC_DSN___",
+  // Empty array prevents all trace header propagation
+  tracePropagationTargets: [],
+});
+```
diff --git a/docs/platforms/javascript/guides/cloudflare/frameworks/sveltekit.mdx b/docs/platforms/javascript/guides/cloudflare/frameworks/sveltekit.mdx
@@ -57,4 +57,4 @@ Next, update your `src/hooks.server.(ts|js)` file to use the `initCloudflareSent
  export const handleError = handleErrorWithSentry(myErrorHandler);
 ```
 
-If you need to use environmental variables, you can access them using `event.platform.env`.
+If you need to use environmental variables, you can access them using `event.platform.env`.
diff --git a/docs/platforms/kotlin/guides/kotlin-multiplatform/enriching-events/attachments/index.mdx b/docs/platforms/kotlin/guides/kotlin-multiplatform/enriching-events/attachments/index.mdx
@@ -40,6 +40,10 @@ The specific media content type that determines how the attachment is rendered i
 - `image/jpeg`
 - `image/png`
 - `image/gif`
+- `image/webp`
+- `image/avif`
+- `video/webm`
+- `video/mp4`
 
 ## Uploading Attachments
 
diff --git a/docs/platforms/php/guides/laravel/usage/index.mdx b/docs/platforms/php/guides/laravel/usage/index.mdx
@@ -112,6 +112,7 @@ After you configured the Sentry log channel, you can configure your app to both
 
 ```bash {filename:.env}
 # ...
+LOG_CHANNEL=stack
 LOG_STACK=single,sentry
 # ...
 ```
diff --git a/docs/platforms/powershell/enriching-events/attachments/index.mdx b/docs/platforms/powershell/enriching-events/attachments/index.mdx
@@ -40,6 +40,10 @@ The specific media content type that determines how the attachment is rendered i
 - `image/jpeg`
 - `image/png`
 - `image/gif`
+- `image/webp`
+- `image/avif`
+- `video/webm`
+- `video/mp4`
 
 ## Uploading Attachments
 
diff --git a/docs/platforms/react-native/session-replay/privacy/index.mdx b/docs/platforms/react-native/session-replay/privacy/index.mdx
@@ -7,7 +7,7 @@ description: "Learn how to mask sensitive data that may appear in your app in Se
 
 <Alert level="warning">
 
-Using custom masking in your Session Replays instead of our default settings, may accidentally expose sensitive customer data. Make sure to test your app thoroughly to ensure that no sensitive data is exposed before publishing it.
+Before enabling Session Replay in production, verify your masking configuration to ensure no sensitive data is captured. Our default settings aggressively mask potentially sensitive data, but if you modify these settings or update UI frameworks or system SDKs, you must thoroughly test your application. If you find any masking issues or sensitive data that should be masked but isn't, please [create a GitHub issue](https://github.com/getsentry/sentry-react-native/issues/new/choose) and avoid deploying to production with Session Replay enabled until the issue is resolved.
 
 </Alert>
 
diff --git a/docs/platforms/unity/enriching-events/attachments/index.mdx b/docs/platforms/unity/enriching-events/attachments/index.mdx
@@ -40,6 +40,10 @@ The specific media content type that determines how the attachment is rendered i
 - `image/jpeg`
 - `image/png`
 - `image/gif`
+- `image/webp`
+- `image/avif`
+- `video/webm`
+- `video/mp4`
 
 ## Uploading Attachments
 
diff --git a/docs/platforms/unity/index.mdx b/docs/platforms/unity/index.mdx
@@ -42,9 +42,11 @@ Don't already have an account and Sentry project established? Head over to [sent
 Install the package via the [Unity Package Manager using a Git URL](https://docs.unity3d.com/Manual/upm-ui-giturl.html) to Sentry's SDK repository:
 
 ```
-https://github.com/getsentry/unity.git#{{@inject packages.version('sentry.dotnet.unity', '0.0.5') }}
+https://github.com/getsentry/unity.git
 ```
 
+To use a specific version of the SDK, append `#{{@inject packages.version('sentry.dotnet.unity', '0.0.5') }}` to the URL.
+
 ## Configure
 
 Installing the SDK will add an entry to Unity's top menu: `Tools` > `Sentry`. When you first open the menu, a wizard will guide you through the process of associating your game with a Sentry project and set up the initial configuration for you. The minimum configuration required is the [DSN](/product/sentry-basics/dsn-explainer/) to your project.
diff --git a/docs/platforms/unreal/enriching-events/attachments/index.mdx b/docs/platforms/unreal/enriching-events/attachments/index.mdx
@@ -67,6 +67,10 @@ The specific media content type that determines how the attachment is rendered i
 - `image/jpeg`
 - `image/png`
 - `image/gif`
+- `image/webp`
+- `image/avif`
+- `video/webm`
+- `video/mp4`
 
 ## Uploading Attachments
 
diff --git a/package.json b/package.json
@@ -25,7 +25,6 @@
     "start": "next start",
     "lint": "next lint",
     "lint:ts": "tsc --skipLibCheck",
-    "lint:docs": "bin/lint-docs.ts",
     "lint:eslint": "eslint \"{src,app,scripts}/**/*.{ts,tsx,js,jsx}\"",
     "lint:eslint:fix": "eslint --fix \"{src,app,scripts}/**/*.{ts,tsx,js,jsx}\"",
     "lint:prettier": "prettier --check \"./{src,app,scripts}/**/*.{md,mdx,ts,tsx,js,jsx,mjs}\"",
@@ -57,7 +56,7 @@
     "@radix-ui/react-tooltip": "^1.1.4",
     "@radix-ui/themes": "^3.1.3",
     "@sentry-internal/global-search": "^1.3.0",
-    "@sentry/nextjs": "9.27.0",
+    "@sentry/nextjs": "9.36.0-alpha.2",
     "@types/mdx": "^2.0.9",
     "algoliasearch": "^4.23.3",
     "dompurify": "3.2.4",
diff --git a/platform-includes/enriching-events/add-attachment/javascript.mdx b/platform-includes/enriching-events/add-attachment/javascript.mdx
@@ -40,6 +40,10 @@ The specific media content type that determines how the attachment is rendered i
 - `image/jpeg`
 - `image/png`
 - `image/gif`
+- `image/webp`
+- `image/avif`
+- `video/webm`
+- `video/mp4`
 
 ## Add or Modify Attachments Before Sending
 
diff --git a/platform-includes/getting-started-config/kotlin.kotlin-multiplatform.mdx b/platform-includes/getting-started-config/kotlin.kotlin-multiplatform.mdx
@@ -4,6 +4,9 @@ import io.sentry.kotlin.multiplatform.Sentry
 fun initializeSentry() {
   Sentry.init { options ->
     options.dsn = "___PUBLIC_DSN___"
+    // Adds request headers and IP for users, for more info visit:
+    // https://docs.sentry.io/platforms/kotlin/guides/kotlin-multiplatform/data-management/data-collected/
+    options.sendDefaultPii = true
   }
 }
 ```
diff --git a/platform-includes/logs/setup/php.laravel.mdx b/platform-includes/logs/setup/php.laravel.mdx
@@ -16,6 +16,7 @@ After you configured the Sentry log channel, you can configure your app to both
 
 ```bash {filename:.env}
 # ...
+LOG_CHANNEL=stack
 LOG_STACK=single,sentry_logs
 # ...
 ```
diff --git a/scripts/generate-md-exports.mjs b/scripts/generate-md-exports.mjs
diff --git a/src/mdx.ts b/src/mdx.ts
diff --git a/yarn.lock b/yarn.lock
