Hosting Publicly

By default, Sentry will look for source map directives in your compiled JavaScript files. These directives are located on the last line and have the following format:

Copied
//# sourceMappingURL=<url>

When Sentry encounters such a directive, it will resolve the source map URL relative the source file in which it is found, and attempt an HTTP request to fetch it.

For example, if you have a minified JavaScript file located at http://example.org/js/app.min.js and in that file, on the last line, the following directive is found:

Copied
//# sourceMappingURL=app.js.map

Sentry will attempt to fetch app.js.map from http://example.org/js/app.js.map.

Alternatively, during source map generation you can specify a fully qualified URL where your source maps are located:

Copied
//# sourceMappingURL=http://example.org/js/app.js.map

While making source maps available to Sentry from your servers is the most natural integration, it is not always advisable:

  • Sentry may not always be able to reach your servers.
  • If you do not specify versions in your asset URLs, there may be a version mismatch
  • The additional latency may mean that source mappings are not available for all errors.

For these reasons, it is best practice to upload source maps to Sentry beforehand (see below).

Working Behind a Firewall

While the recommended solution is to upload your source artifacts to Sentry, sometimes it’s necessary to allow communication from Sentry’s internal IPs. For more information on Sentry’s public IPs see: IP Ranges.

Secure Access to Source Maps

If you want to keep your source maps secret and choose not to upload your source maps directly to Sentry, you can enable the “Security Token” option in your project settings.

This will cause outbound requests from Sentry’s servers to URLs originating from your “Allowed Domains” to have the HTTP header X-Sentry-Token header append:

Copied
GET /assets/bundle.min.js
X-Sentry-Token: {token}

The token is a secure value you define in your project's settings. You can then configure your web server to allow access to your source maps when this header/token pair is present. You can alternatively override the default header name (X-Sentry-Token) and use HTTP Basic Authentication, for example by passing Authorization: Basic {encoded_password}.