Hosting Publicly
Learn about publicly hosting your source maps, including how to address various security concerns.
The most reliable way to provide your source maps to Sentry is to upload them, because it cuts down on network traffic and ensures the correct version of the code and source maps will be used.
By default, Sentry will look for source map directives in your compiled JavaScript files. These directives are located on the last line and have the following format:
//# sourceMappingURL=<url>
When Sentry encounters such a directive, it will resolve the source map URL relative the source file in which it is found, and attempt an HTTP request to fetch it.
For example, if you have a minified JavaScript file located at http://example.org/js/app.min.js
and in that file, on the last line, the following directive is found:
//# sourceMappingURL=app.js.map
Sentry will attempt to fetch app.js.map
from http://example.org/js/app.js.map.
Alternatively, during source map generation you can specify a fully qualified URL where your source maps are located:
//# sourceMappingURL=http://example.org/js/app.js.map
While making source maps available to Sentry from your servers is the most natural integration, it is not always advisable:
- Sentry may not always be able to reach your servers.
- If you do not specify versions in your asset URLs, there may be a version mismatch
- The additional latency may mean that source mappings are not available for all errors.
For these reasons, it is best practice to upload source maps to Sentry beforehand. See our docs on uploading source maps to learn how.
While the recommended solution is to upload your source artifacts to Sentry, sometimes it’s necessary to allow communication from Sentry’s internal IPs. For more information on Sentry’s public IPs see: IP Ranges.
If you want to keep your source maps secret and choose not to upload your source maps directly to Sentry, you can enable the “Security Token” option in your project settings.
This will cause outbound requests from Sentry’s servers to URLs originating from your “Allowed Domains” to have the HTTP header X-Sentry-Token
header append:
GET /assets/bundle.min.js
X-Sentry-Token: {token}
The token
is a secure value you define in your project's settings. You can then configure your web server to allow access to your source maps when this header/token pair is present. You can alternatively override the default header name (X-Sentry-Token
) and use HTTP Basic Authentication, for example by passing Authorization: Basic {encoded_password}.
Our documentation is open source and available on GitHub. Your contributions are welcome, whether fixing a typo (drat!) or suggesting an update ("yeah, this would be better").