0

We are using a front-end error logging tool Sentry to see the errors we get in our angular applications.

Sentry allows users to upload their SourceMap files, so I went into our angular.json and set "sourceMap": true. As expected, it creates a lot of .js.map files that we upload to Sentry, but we get rid of them and do not deploy them, for the obvious security reasons.

The problem is that for some reason, Google Chrome Dev Tools somehow know that SourceMap files were generated and even tries to access them!

enter image description here

So here is my question:

  • How does Google Chrome work out that SourceMapswere generated? I assume something in the html, css or js files tells this.
  • How do I work around that? I want to get the SourceMaps, but I don't want anyone to know that they exist and especially their locations.

Side note: Although I mention Sentry multiple times, it has nothing to do with the question. I just wanted to explain, why we want this.

eddyP23
  • 6,420
  • 7
  • 49
  • 87
  • 1
    `//# sourceMappingURL=`. The location is guessable anyway, if they aren't actually deployed why does it matter? – jonrsharpe Aug 01 '19 at 13:35

1 Answers1

3

First: As @jonrsharpe noted, it turns out that Angular injects //# sourceMappingURL=... comments at the end of css and js files and Google Chrome (possibly other browsers as well) parses it and uses it for to display original stack traces.

Second: It seems that this is doable, by configuring hidden: true for the sourceMap parameter, like this:

"sourceMap": { "scripts": true, "styles": true, "hidden": true, "vendor": true }

It seems that sourceMap can be either a bool or a complex object. Please look at the angular docs here.

eddyP23
  • 6,420
  • 7
  • 49
  • 87