Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove source maps from build #497

Open
allanlewis opened this issue Feb 16, 2023 · 10 comments
Open

Remove source maps from build #497

allanlewis opened this issue Feb 16, 2023 · 10 comments
Labels
feature-request

Comments

@allanlewis
Copy link

Is your feature request related to a problem? Please describe.

This module tells Webpack to generate source maps for Sentry, which is very useful. However, for compliance reasons I'd like to not deploy source maps to production.

Describe the solution you'd like

I want to be able to upload source maps to Sentry but then exclude them from my build so they're not accessible in production.

Describe alternatives you've considered

I'm currently looking to manually delete the source maps from my dist directory before deploying.

Additional context

n/a
@zecar
Copy link

zecar commented Feb 25, 2023

maybe you could use this to secure those: https://docs.sentry.io/platforms/javascript/guides/capacitor/sourcemaps/uploading/hosting-publicly/

@allanlewis
Copy link
Author

maybe you could use this to secure those: https://docs.sentry.io/platforms/javascript/guides/capacitor/sourcemaps/uploading/hosting-publicly/

There's no problem deploying source maps to Sentry, I just don't want them in the bundle I deploy to my server 😕

Even if they're behind basic auth, I don't think that would pass compliance.

I've now added something along the lines of find dist -name '*.js.map' -delete to my build script, which seems a bit messy...

@zecar
Copy link

zecar commented Feb 26, 2023

depending on what you are using to deploy your app + how you upload sourcemaps to sentry you could use ENV variables to disable sourcemaps in your build.. for example webpack has specific configuration regarding sourcemaps..

regarding basic auth for sourcemaps.. you could also add server configuration to only allow Sentry's IP to access your .map files https://docs.sentry.io/product/security/ip-ranges/

to remove the source map url from your js files you can use (if you don't already) [this] (https://docs.sentry.io/platforms/javascript/guides/nextjs/manual-setup/#use-hidden-source-map)

@allanlewis
Copy link
Author

depending on what you are using to deploy your app + how you upload sourcemaps to sentry you could use ENV variables to disable sourcemaps in your build.. for example webpack has specific configuration regarding sourcemaps..

I tried that but it looked to me like this module was overriding my Webpack settings, but I'm not a Webpack expert 😕

regarding basic auth for sourcemaps.. you could also add server configuration to only allow Sentry's IP to access your .map files https://docs.sentry.io/product/security/ip-ranges/

That seems like more work than just not deploying them...

to remove the source map url from your js files you can use (if you don't already) [this] (https://docs.sentry.io/platforms/javascript/guides/nextjs/manual-setup/#use-hidden-source-map)

I already do that but my compliance requires that the source maps are not present at all 🤷‍♂️

Thanks for all your suggestions 🙏

@rchl
Copy link
Member

rchl commented Feb 26, 2023
edited

I tried that but it looked to me like this module was overriding my Webpack settings, but I'm not a Webpack expert 😕

Yes, it does because the source maps need to be generated to be able to upload those to Sentry.

I'm currently looking to manually delete the source maps from my dist directory before deploying.

It's what the module would most likely have to do too if it would be handled automatically by it. So it's a good workaround for the time being IMO.

@allanlewis
Copy link
Author

I'm currently looking to manually delete the source maps from my dist directory before deploying.

It's what the module would most likely have to do too if it would be handled automatically by it. So it's a good workaround for the time being IMO.

I agree, it's simple and it works reliably 👍

@rchl rchl mentioned this issue Feb 28, 2023
Closed
@kolesoffac
Copy link

This approach is good but seems messy because the links stay in the js file and you can see a lot of warnings in the console.

@allanlewis
Copy link
Author

This approach is good but seems messy because the links stay in the js file and you can see a lot of warnings in the console.

I'm using hidden-source-map which I think prevents that from happening.

@kolesoffac
Copy link

I use nuxtjs and therefore there is no such feature

@kolesoffac
Copy link

I wrong.
https://sentry.nuxtjs.org/sentry/options#sourcemapstyle

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rchl @allanlewis @zecar @kolesoffac