feat(core): Export a reusable function to add tracing headers

[JPeer264]

This PR is an extraction of #19991

It basically exports getTracingHeadersForFetchRequest, which was previously only exported for testing, but offers a great functionality if you want to add tracing headers to a request. I renamed it as addTracingHeadersToFetchRequest sounded a little misleading, as it didn't really add headers to the request, as it returned the extracted headers from the request (or init, if there are any).

Open question

I added @hidden and @internal to it, not sure if this is an approach we follow. I'm ok to remove it from the jsdoc

[github-actions]

Semver Impact of This PR

🟡 Minor (new features)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

New Features ✨

• (core) Export a reusable function to add tracing headers by JPeer264 in #20076

• (core, node) Portable Express integration by isaacs in #19928
• (deno) Add denoRuntimeMetricsIntegration by chargome in #20023
• (deps) Bump @xmldom/xmldom from 0.8.3 to 0.8.12 by dependabot in #20066

Bug Fixes 🐛

• (aws-serverless) Add timeout to _endSpan forceFlush to prevent Lambda hanging by logaretm in #20064
• (cloudflare) Ensure every request instruments functions by JPeer264 in #20044
• (gatsby) Fix errorHandler signature to match bundler-plugin-core API by JPeer264 in #20048

Internal Changes 🔧

Core

• Extract shared endStreamSpan for AI integrations by nicohrubec in #20021
• Remove provider-specific AI span attributes in favor of gen_ai attributes in sentry conventions by nicohrubec in #20011

Other

• Update validate-pr workflow by stephanie-anderson in #20072
• Remove unused tsconfig-template folder by mydea in #20067

---

_{🤖 This preview updates automatically when you update the PR.}

[github-actions]

size-limit report 📦

⚠️ Warning: Base artifact is not the latest one, because the latest workflow run is not done yet. This may lead to incorrect results. Try to re-run all tests to get up to date results.

Path	Size	% Change	Change
@sentry/browser	25.65 kB	+0.02%	+5 B 🔺
@sentry/browser - with treeshaking flags	24.14 kB	+0.03%	+5 B 🔺
@sentry/browser (incl. Tracing)	42.16 kB	+0.02%	+7 B 🔺
@sentry/browser (incl. Tracing, Profiling)	46.77 kB	+0.02%	+9 B 🔺
@sentry/browser (incl. Tracing, Replay)	80.94 kB	+0.01%	+5 B 🔺
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags	70.56 kB	+0.01%	+5 B 🔺
@sentry/browser (incl. Tracing, Replay with Canvas)	85.66 kB	+0.01%	+8 B 🔺
@sentry/browser (incl. Tracing, Replay, Feedback)	97.92 kB	+0.01%	+5 B 🔺
@sentry/browser (incl. Feedback)	42.42 kB	+0.02%	+6 B 🔺
@sentry/browser (incl. sendFeedback)	30.31 kB	+0.02%	+6 B 🔺
@sentry/browser (incl. FeedbackAsync)	35.29 kB	+0.02%	+6 B 🔺
@sentry/browser (incl. Metrics)	26.96 kB	+0.03%	+7 B 🔺
@sentry/browser (incl. Logs)	27.11 kB	+0.03%	+7 B 🔺
@sentry/browser (incl. Metrics & Logs)	27.78 kB	+0.03%	+7 B 🔺
@sentry/react	27.41 kB	+0.03%	+6 B 🔺
@sentry/react (incl. Tracing)	44.48 kB	+0.02%	+5 B 🔺
@sentry/vue	30.08 kB	+0.02%	+5 B 🔺
@sentry/vue (incl. Tracing)	44.05 kB	+0.02%	+8 B 🔺
@sentry/svelte	25.67 kB	+0.02%	+5 B 🔺
CDN Bundle	28.32 kB	+0.03%	+6 B 🔺
CDN Bundle (incl. Tracing)	43.11 kB	+0.02%	+6 B 🔺
CDN Bundle (incl. Logs, Metrics)	29.68 kB	+0.02%	+4 B 🔺
CDN Bundle (incl. Tracing, Logs, Metrics)	44.16 kB	+0.02%	+7 B 🔺
CDN Bundle (incl. Replay, Logs, Metrics)	68.48 kB	+0.01%	+6 B 🔺
CDN Bundle (incl. Tracing, Replay)	80.01 kB	+0.01%	+7 B 🔺
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	81.05 kB	+0.01%	+6 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback)	85.55 kB	+0.01%	+5 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	86.58 kB	+0.01%	+6 B 🔺
CDN Bundle - uncompressed	82.68 kB	+0.03%	+22 B 🔺
CDN Bundle (incl. Tracing) - uncompressed	127.83 kB	+0.02%	+22 B 🔺
CDN Bundle (incl. Logs, Metrics) - uncompressed	86.83 kB	+0.03%	+22 B 🔺
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	131.24 kB	+0.02%	+22 B 🔺
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	209.81 kB	+0.02%	+22 B 🔺
CDN Bundle (incl. Tracing, Replay) - uncompressed	244.7 kB	+0.01%	+22 B 🔺
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	248.1 kB	+0.01%	+22 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	257.62 kB	+0.01%	+22 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	261 kB	+0.01%	+22 B 🔺
@sentry/nextjs (client)	46.9 kB	+0.02%	+7 B 🔺
@sentry/sveltekit (client)	42.62 kB	+0.02%	+7 B 🔺
@sentry/node-core	55.77 kB	+0.04%	+17 B 🔺
@sentry/node	172.13 kB	-0.37%	-624 B 🔽
@sentry/node - without tracing	96.05 kB	+0.05%	+40 B 🔺
@sentry/aws-serverless	112.85 kB	+0.07%	+78 B 🔺

View base workflow run

[github-actions]

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.

Scenario	Requests/s	% of Baseline	Prev. Requests/s	Change %
GET Baseline	11,266	-	11,213	+0%
GET With Sentry	2,028	18%	1,972	+3%
GET With Sentry (error only)	7,554	67%	7,611	-1%
POST Baseline	1,089	-	1,281	-15%
POST With Sentry	518	48%	627	-17%
POST With Sentry (error only)	947	87%	1,132	-16%
MYSQL Baseline	3,711	-	3,494	+6%
MYSQL With Sentry	462	12%	456	+1%
MYSQL With Sentry (error only)	3,101	84%	2,814	+10%

View base workflow run

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Accepted Iterable type lacks runtime handling in function

Low Severity

The new Iterable<Iterable<string>> variant was added to PolymorphicRequestHeaders, which is used as the type for fetchOptionsObj.headers. However, the function body only handles Headers instances (via isHeaders), arrays (via Array.isArray), and plain objects (the else branch). A non-array, non-Headers iterable (e.g. a Map) would silently fall into the else branch, where in operator checks and object spread would not correctly process the iterable's entries, producing malformed headers. Since this function is now exported for cross-package use, the type promises broader acceptance than the implementation supports.

Additional Locations (1)

• packages/core/src/fetch.ts#L242-L265

 

[cursor]

Feat PR missing integration or E2E test

Low Severity

This feat PR exports getTracingHeadersForFetchRequest as a new cross-package API but includes no integration or E2E test. The existing unit tests were only renamed, and no new test cases cover the newly accepted URL parameter type or the Iterable<Iterable<string>> header variant. Adding at least one integration test that exercises the new export in a realistic scenario (e.g., Cloudflare Workers fetcher binding) would help validate cross-package usage.

 

^{Triggered by project rule: PR Review Guidelines for Cursor Bot}