Fix guide · low · sentry_dsn

Sentry DSN in client code

What this rule means

A DSN matching https://*.ingest.sentry.io/* was found in your client bundle. A DSN is meant to be public.

Why it matters

DSNs are designed to live in client code: they tell the SDK which project to report errors to. The risk is bounded: an attacker who has the DSN can submit fake errors to your project, eating quota and adding noise. Rate-limit the DSN to mitigate.

How to fix it

This is not a vulnerability per se. Optional hardening:

  1. Rate-limit per IP in Sentry → Project Settings → Client Keys (DSN) → Rate Limit.
  2. Set a quota cap so abuse can't drain your monthly events budget.
  3. Don't confuse the DSN with a Sentry auth token (sntrys_*): the auth token is the real secret and must never ship in a bundle.
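To make the DSN-versus-token distinction from step 3 concrete, here is an added example (not vibecheck's own rule code) that scans bundle text, parses any DSN into the project it points at, and reports a `sntrys_` token at a higher severity than a DSN. The DSN layout (32-hex public key, `o<orgId>.ingest[.<region>].sentry.io/<projectId>`) and the token body pattern are assumptions for this example; the sample bundle is constructed.

```python
import re
from urllib.parse import urlparse

# Assumed DSN shape: https://<32 hex public key>@o<orgId>.ingest[.<region>].sentry.io/<projectId>
DSN_RE = re.compile(r"https?://[0-9a-f]{32}@o\d+\.ingest(?:\.[a-z]{2})?\.sentry\.io/\d+")
# The sntrys_ prefix is the documented one; the tail pattern is an assumption.
AUTH_TOKEN_RE = re.compile(r"sntrys_[A-Za-z0-9_\-=]{20,}")

# Constructed sample of what a minified client bundle might contain.
SAMPLE_BUNDLE = (
    'Sentry.init({dsn:"https://0123456789abcdef0123456789abcdef'
    '@o123456.ingest.sentry.io/4500001"});'
    'const t="sntrys_eyJpYXQiOjE3MDAwMDAwMDB9_AbCdEfGhIjKlMnOpQrStUvWxYz0123";'
)


def parse_dsn(dsn):
    """Split a DSN into the parts a report needs: which org/project it reports to."""
    u = urlparse(dsn)
    return {
        "public_key": u.username,
        "org_id": u.hostname.split(".")[0].lstrip("o"),
        "project_id": u.path.strip("/"),
        "host": u.hostname,
    }


def classify(bundle):
    """Return findings: a DSN is low severity (public by design), a token is high."""
    findings = []
    for m in DSN_RE.finditer(bundle):
        findings.append({"rule": "sentry_dsn", "severity": "low", **parse_dsn(m.group(0))})
    for m in AUTH_TOKEN_RE.finditer(bundle):
        tok = m.group(0)
        # Never echo the full token back into a report; keep a short redacted prefix.
        findings.append({"rule": "sentry_auth_token", "severity": "high",
                         "redacted": tok[:10] + "..."})
    return findings


if __name__ == "__main__":
    for f in classify(SAMPLE_BUNDLE):
        print(f)
```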

Did vibecheck flag this on your app?

If you reached this page from a vibecheck inspection report, the redacted match in your scan output is the exact string we found in your bundle. After applying the fix above, run the inspection again — the finding should clear.
