Hidden Source Map Support (Feature Request)

[ndreckshage]

In addition to regular source map support, it would be nice to support hidden source maps, where the source map URI is not provided by the script. This would be helpful for production environments where we don't want to display source to anyone that opens devtools.

Maybe the ability to provide a key in opbeat application settings, and then opbeat could download the source map based on a standard pattern. Something like [path-to-file][somewhat-secret-key].js.map

Also, what IP does opbeat use to access the sourcemaps? Then we could limit sourcemaps to internal networks & opbeat.

[hmdhk]

Hi @ndreckshage,

Thanks for reaching out to us, this is an interesting use case. I will take note of this for future improvements.

Cheers,
Hamid

[ndreckshage]

Thanks @jahtalab -- fwiw hidden is a bonus, ip is really a req for us to be able to use in prod. If that can be provided first

[roncohen]

@ndreckshage Just wanted to let you know we're working towards a setup that will allow us to give out the ip addresses that we'll use to fetch sourcemaps

[ndreckshage]

@roncohen great, thanks!

[roncohen]

@ndreckshage hey! Would a solution where you upload the sourcemaps to our servers work as well?

[Zertz]

@roncohen As long as there is an API and can be automated :-)

[domdorn]

any updates on this? at least allow uploading the sourcemap for now... PLEASE!

[hmdhk]

Hi @domdorn ,
Thanks for your interest.
Unfortunately, there's no update. But we've taken a note of your request.

[domdorn]

too bad. this makes opbeat unusable for my client.

to clarify:
We cannot provide sourcemaps in a way, that they are publicly accessible.
thus we either need a way to identify the upbeat crawler like

• whitelisting IPs
• a special user agent and a shared secret in a header
• some other way

or to allow to manually upload sourcemaps.

[hmdhk]

@domdorn ,

Thanks for your suggestions.
You are absolutely right, it is a very important feature and in fact we have looked into it and would like to provide it. However I cannot offer a timeline at the moment. I will consider this a big +1 for getting this feature out.

Cheers :)

[domdorn]

is there at least any indicator we can use to identify opbeat in the meantime?
IP-Range, User-Agent, IP-Reverse resolution (like google does)?

[b3rntsen]

+1 for this one @roncohen ;)

[AndrewGrachov]

upvote. Any update on this issue?

[hmdhk]

Thanks for reaching out @AndrewGrachov ,
Unfortunately, still no updates on this.
I will make sure that we reconsider providing this feature.