diff --git a/vite.config.ts b/vite.config.ts index c1409c53..003ed47c 100644 --- a/vite.config.ts +++ b/vite.config.ts @@ -5,10 +5,17 @@ import react from '@vitejs/plugin-react'; import laravel from 'laravel-vite-plugin'; import { defineConfig } from 'vite'; +// Only upload source maps when the build has a Sentry auth token (production +// CI). The same flag gates map generation, so a build without the token never +// emits .js.map files there is nothing to leak into public/build/assets/. +const sentryAuthToken = process.env.SENTRY_AUTH_TOKEN; + export default defineConfig({ envPrefix: ['VITE_', 'SENTRY_LARAVEL_DSN'], build: { - sourcemap: true, + // 'hidden' emits maps for upload but omits the sourceMappingURL comment, + // so browsers never fetch them even in the window before they're deleted. + sourcemap: sentryAuthToken ? 'hidden' : false, }, plugins: [ laravel({ @@ -25,19 +32,26 @@ export default defineConfig({ wayfinder({ formVariants: true, }), - sentryVitePlugin({ - url: 'https://bugsink.whisper.money/', - authToken: 'b0f46d1bdc25b9a998f540542e027e9faf0a2e8a', - org: 'bugsinkhasnoorgs', - project: 'ignoredfornow', - release: { - create: false, - finalize: false, - }, - sourcemaps: { - filesToDeleteAfterUpload: ['**/*.js.map'], - }, - }), + ...(sentryAuthToken + ? [ + sentryVitePlugin({ + url: 'https://de.sentry.io/', + authToken: sentryAuthToken, + org: 'whisper-money', + // Frontend JS errors are captured into the php-laravel + // project (see app.tsx Sentry.init using SENTRY_LARAVEL_DSN), + // so maps must be uploaded there to symbolicate them. + project: 'php-laravel', + release: { + create: false, + finalize: false, + }, + sourcemaps: { + filesToDeleteAfterUpload: ['**/*.js.map'], + }, + }), + ] + : []), ], esbuild: { jsx: 'automatic',