You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As raised in getsentry/sentry-javascript#4489, some users are concerned about exposing their original source code to the public via things like browser dev tools automatically applying published sourcemaps.
We've taken the first step towards solving that, by switching the default in the nextjs SDK to use the hidden-source-map value for Webpack's devtool option, which prevents built files from including a sourceMappingURL comment at the bottom, thereby removing the signal to browser dev tools that source maps even exist. For some folks, this will be enough. Others may want to prevent the source maps from being published at all, hidden or not, and the only surefire way to do that is to delete them after they're uploaded to Sentry. Since sentry-cli is already finding them in the filesystem, and is the first to know when the upload is finished, it's logical that it also be the one to do the deletion. Thus, this feature request, which would presumably be a flag passed to the upload-sourcemaps command.
The text was updated successfully, but these errors were encountered:
This adds a new option, `deleteSourceMaps` (or `SENTRY_DELETE_SOURCEMAPS` as an env variable), which will delete sourcemaps after uploading them.
Really this should be done at the `sentry-cli` level (see getsentry/sentry-cli#1318), but in the meantime, we can do it manually.
Fixes#40
As raised in getsentry/sentry-javascript#4489, some users are concerned about exposing their original source code to the public via things like browser dev tools automatically applying published sourcemaps.
We've taken the first step towards solving that, by switching the default in the nextjs SDK to use the
hidden-source-map
value for Webpack'sdevtool
option, which prevents built files from including asourceMappingURL
comment at the bottom, thereby removing the signal to browser dev tools that source maps even exist. For some folks, this will be enough. Others may want to prevent the source maps from being published at all, hidden or not, and the only surefire way to do that is to delete them after they're uploaded to Sentry. Sincesentry-cli
is already finding them in the filesystem, and is the first to know when the upload is finished, it's logical that it also be the one to do the deletion. Thus, this feature request, which would presumably be a flag passed to theupload-sourcemaps
command.The text was updated successfully, but these errors were encountered: