docs(js): Update content in SvelteKit's manual quick start guide (source maps, csp)

[inventarSarah]

DESCRIBE YOUR PR

In this PR I have:

• reduced the source maps content in SvelteKit's manual quick start guide and moved it to the Source Maps page
• moved content about CSP to the Troubleshooting page and added an Expandable to the manual quick start guide

I will move the build options and API content in a new PR (or two) to keep things focused.

Belongs to: #13634

IS YOUR CHANGE URGENT?

Help us prioritize incoming PRs by letting us know when the change needs to go live.

• Urgent deadline (GA date, etc.):
• Other deadline:
• None: Not urgent, can wait up to 1 week+

SLA

• Teamwork makes the dream work, so please add a reviewer to your PRs.
• Please give the docs team up to 1 week to review your PR unless you've added an urgent due date to it.
  Thanks in advance for your help!

PRE-MERGE CHECKLIST

Make sure you've checked the following before merging your changes:

• Checked Vercel preview for correctness, including links
• PR was reviewed and approved by any necessary SMEs (subject matter experts)
• PR was reviewed and approved by a member of the Sentry docs team

EXTRA RESOURCES

• Sentry Docs contributor guide

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
sentry-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 2, 2025 8:30am

2 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
changelog	⬜️ Ignored (Inspect)	Visit Preview		Jun 2, 2025 8:30am
develop-docs	⬜️ Ignored (Inspect)	Visit Preview		Jun 2, 2025 8:30am

[Lms24]

Thanks! The CSP section looks great already. I had a concern about the source maps configuration settings (see comments). TLDR: We should never set the auth token in code but only as env variables.

Realizing that the comment order in my review is a bit misleading for source maps. I recommend reading #13843 (comment) first :)

[Lms24]

m: The options here really only differ in how much users set as env variables vs. directly in code. Users can set project and org slugs in code but they should never set the auth token in code as it must remain a secret and shouldn't be committed.

So I'd recommend we:

• always show the .env file for setting the SENTRY_AUTH_TOKEN
• also show a complete .env file for option 1 (see my comment)
• show both .env and vite.config.ts for option 2 (basically how we used to show it in manual setup).

Does this make sense?

[inventarSarah]

Thanks for bringing this up -- I think I understood what you meant -> let me know if you have feedback on the changes.

I'll review the other SDKs to see whether we need to update this there as well next week. It would be ideal to be consistent here.

[codecov]

Bundle Report

Changes will increase total bundle size by 465 bytes (0.0%) ⬆️. This is within the configured threshold ✅

Detailed changes

Bundle name	Size	Change
sentry-docs-server-cjs	11.22MB	471 bytes (0.0%) ⬆️
sentry-docs-client-array-push	9.77MB	-6 bytes (-0.0%) ⬇️

Affected Assets, Files, and Routes:

view changes for bundle: sentry-docs-client-array-push

Assets Changed:

Asset Name	Size Change	Total Size	Change (%)
static/chunks/pages/_app-*.js	-3 bytes	868.7kB	-0.0%
static/chunks/8165-*.js	-3 bytes	410.1kB	-0.0%
static/CTAoPRftGKDT_KABYsQV1/_buildManifest.js (New)	616 bytes	616 bytes	100.0% 🚀
static/CTAoPRftGKDT_KABYsQV1/_ssgManifest.js (New)	77 bytes	77 bytes	100.0% 🚀
static/MG13B8iZHzogkhfyu30qQ/_buildManifest.js (Deleted)	-616 bytes	0 bytes	-100.0% 🗑️
static/MG13B8iZHzogkhfyu30qQ/_ssgManifest.js (Deleted)	-77 bytes	0 bytes	-100.0% 🗑️

view changes for bundle: sentry-docs-server-cjs

Assets Changed:

Asset Name	Size Change	Total Size	Change (%)
1729.js	-3 bytes	1.75MB	-0.0%
../instrumentation.js	-3 bytes	1.08MB	-0.0%
9523.js	-3 bytes	1.05MB	-0.0%
../app/[[...path]]/page.js.nft.json	160 bytes	399.59kB	0.04%
../app/platform-redirect/page.js.nft.json	160 bytes	399.51kB	0.04%
../app/sitemap.xml/route.js.nft.json	160 bytes	397.48kB	0.04%

[Lms24]

this shouldn't be a string:

Suggested change

	authToken: "process.env.SENTRY_AUTH_TOKEN",
	authToken: process.env.SENTRY_AUTH_TOKEN,

[Lms24]

I think we should still show the auth token in the .env file here, given that the token needs to be set somewhere. Otherwise, we should at least remove the <OrgAuthTokenNote> here.

Suggested change

	<OrgAuthTokenNote />
	<OrgAuthTokenNote />
	\```bash {filename:.env}
	# DO NOT commit this file to your repo. The auth token is a secret.
	SENTRY_AUTH_TOKEN=___ORG_AUTH_TOKEN___
	\```

(please ignore the backslashes, GH makes suggesting code blocks impossible :(

[inventarSarah]

👍
I added the .env file here as suggested - thank you!

In Option 1, I also added OrgAuthTokenNote above the .env file

[Lms24]

I realized we have the same problem here. We also shouldn't directly put the auth token into code here. I actually liked the previous version where we basically showed option 2. Happy to leave it up to you if it makes more sense to display both files in tabs in the same code block or one underneath the other.

[inventarSarah]

💯
Updated this section and added the .env with the auth token.
In general, it is best to provide only one option in a quick start guide, allowing the user to focus on setting things up quickly.

[coolguyzone]

Looks good! Please address the step number comment before merging

[Lms24]

Thanks for including my suggestions! LGTM!