From 53b80778d1ef103c60d84a40911348b11f0ea31f Mon Sep 17 00:00:00 2001
From: Ben Vinegar <ben@benv.ca>
Date: Wed, 22 Mar 2017 21:35:03 -0700
Subject: [PATCH 1/2] Document how X-Sentry-Token re: source maps

Refs #705
---
 docs/sourcemaps.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/sourcemaps.rst b/docs/sourcemaps.rst
index 4da99859b6d2..79468fb8880d 100644
--- a/docs/sourcemaps.rst
+++ b/docs/sourcemaps.rst
@@ -128,6 +128,13 @@ For these reasons, it is recommended to upload source maps to Sentry beforehand
 
     While the recommended solution is to upload your source artifacts to Sentry, sometimes it’s necessary to allow communication from Sentry’s internal IPs. For more information on Sentry’s public IPs, :ref:`ip-ranges`.
 
+.. admonition:: Secure Access to Source Maps
+
+    If you want to keep your source maps secret and choose not to upload your source maps directly to Sentry, you can enable the "Security Token"
+    option in your project settings. This will cause outbound requests from Sentry's servers to URLs originating from your "Allowed Domains" to have
+    the HTTP header "X-Sentry-Token: {token}" appended. You can then configure your web server to allow access to your source maps when
+    this header/token pair is present.
+
 Uploading Source Maps to Sentry
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

From 191a8fceb24ad3b6530c7a68117c5bf6abcf631e Mon Sep 17 00:00:00 2001
From: Ben Vinegar <ben@benv.ca>
Date: Wed, 22 Mar 2017 21:59:32 -0700
Subject: [PATCH 2/2] Mention http basic auth

---
 docs/sourcemaps.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/sourcemaps.rst b/docs/sourcemaps.rst
index 79468fb8880d..4fd8f9abde07 100644
--- a/docs/sourcemaps.rst
+++ b/docs/sourcemaps.rst
@@ -132,8 +132,8 @@ For these reasons, it is recommended to upload source maps to Sentry beforehand
 
     If you want to keep your source maps secret and choose not to upload your source maps directly to Sentry, you can enable the "Security Token"
     option in your project settings. This will cause outbound requests from Sentry's servers to URLs originating from your "Allowed Domains" to have
-    the HTTP header "X-Sentry-Token: {token}" appended. You can then configure your web server to allow access to your source maps when
-    this header/token pair is present.
+    the HTTP header "X-Sentry-Token: {token}" appended, where {token} is a secure value you define. You can then configure your web server to allow access to your source maps when
+    this header/token pair is present. You can alternatively override the default header name (X-Sentry-Token) and use HTTP Basic Authentication, e.g. by passing "Authorization: Basic {encoded_password}".
 
 Uploading Source Maps to Sentry
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~