From efbc4672731c35e10ec1aff7c75d6a771f5cdd96 Mon Sep 17 00:00:00 2001
From: Thomas Grainger <tagrain@gmail.com>
Date: Fri, 26 Aug 2016 11:20:17 +0100
Subject: [PATCH] Document X-Sentry-Token

---
 docs/sourcemaps.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/sourcemaps.rst b/docs/sourcemaps.rst
index 4da99859b6d2..43de75cd271a 100644
--- a/docs/sourcemaps.rst
+++ b/docs/sourcemaps.rst
@@ -116,12 +116,20 @@ Alternatively, during source map generation you can specify a fully qualified UR
 
     //# sourceMappingURL=http://example.org/js/app.js.map
 
+Secure access to source maps.
+
+If you want to keep your source maps secret and don't upload your source maps directly you can set the Security Token
+option in your project. It will cause outbound requests matching Allowed Domains to have the header "X-Sentry-Token: {token}".
+You can then check for this token in your web server.
+
 While making source maps available to Sentry from your servers is the easiest integration, it is not always advisable:
 
 * Sentry may not always be able to reach your servers.
 * If you do not specify versions in your asset URLs, there may be a version mismatch
 * The additional latency may mean that source mappings are not available for all errors.
 
+
+
 For these reasons, it is recommended to upload source maps to Sentry beforehand (see below).
 
 .. admonition:: Working Behind a Firewall