I haven't been able to find anything in the docs -- how does the Sentry server treat auth differently when given a DSN with the secret, vs a DSN without (from raven-js and the like)? Both forms of DSN are used only to report errors, as I understand it, but presumably there's some difference?
The secret has explicit trust, whereas the public key has some minor protections to prevent easy abuse. Either way, both of them allow you to send events without verification, though we don't allow use of the public key except in specific situations (as they require certain other details to be present).
Specifically, the public DSN is _only_ used by the JavaScript and, I believe, Flash SDKs, and is entirely specific to browsers.
Would be great if this was explicitly stated in the docs. e.g. here https://docs.sentry.io/clients/ruby/#configuration
If you're using Sentry for both JS and Rails logging it is a bit of a gotcha to just put the public DSN into an environment variable and assume it'll work for both.
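A configuration check for the gotcha described above, as an added example that is not part of the thread or of Sentry's code. It assumes the `scheme://public:secret@host/project` DSN layout; the function names, SDK labels, host and keys are hypothetical and constructed.

```javascript
// Per the thread: the public (secret-less) DSN is only for browser SDKs.
const BROWSER_SDKS = new Set(["javascript", "flash"]);

// Constructed sample DSNs, not real keys.
const SECRET_DSN = "https://examplepublic:examplesecret@sentry.example.com/42";
const PUBLIC_DSN = "https://examplepublic@sentry.example.com/42";

// Split a DSN into its parts and record whether a secret is present.
function parseDsn(dsn) {
  const u = new URL(dsn); // throws on malformed input
  if (!u.username) throw new Error("DSN has no public key");
  const projectId = u.pathname.split("/").filter(Boolean).pop();
  if (!projectId) throw new Error("DSN has no project id");
  return { publicKey: u.username, hasSecret: u.password !== "", host: u.host, projectId };
}

// Return a list of problems; an empty list means the DSN form fits the SDK.
function checkDsnForSdk(dsn, sdk) {
  let parsed;
  try {
    parsed = parseDsn(dsn);
  } catch (e) {
    return [`unparseable DSN: ${e.message}`];
  }
  const problems = [];
  const browser = BROWSER_SDKS.has(sdk);
  if (browser && parsed.hasSecret) {
    problems.push("secret key would be served to every browser; use the public DSN");
  }
  if (!browser && !parsed.hasSecret) {
    problems.push("public DSN given to a non-browser SDK; it needs the DSN with the secret");
  }
  return problems;
}

// Mask the secret so a DSN can be written to logs or error messages.
function redactDsn(dsn) {
  const u = new URL(dsn);
  if (u.password) u.password = "REDACTED";
  return u.toString();
}

// One shared environment variable fails for one side or the other.
for (const sdk of ["javascript", "ruby"]) {
  console.log(sdk, redactDsn(SECRET_DSN), checkDsnForSdk(SECRET_DSN, sdk));
}
```

Run at deploy time against each SDK's configured DSN, this fails fast instead of letting one side silently stop reporting.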
I'm not sure I agree with this. Currently Sentry on mobile uses the private DSN, while a mobile app is not tamper / reverse-engineering free.
There's no Google-like restriction (app fingerprint on mobile, Referer on Web) either, so I'm not sure there's any meaning for splitting them into two.