Best practice to handle htpasswd protected site's source maps

[vpmedia]

Hi!

I've a few internal web applications which are htpasswd protected and I would like to know how to serve these source files to Sentry for unminification.
I've my web servers configured to restrict access to .js.map files to the Sentry IP addresses only. This is working fine for sites which are not htpasswd protected.
The problem is that I see in my web server logs that with htpasswd protection this fails because Sentry cannot reach my actual bundled javascript files and not the maps, for example:
{"time": "2024-10-07T20:49:03+00:00", "remote_addr": "34.141.4.162", "path": "/SOURCE_CODE.js", "method": "GET", "protocol": "HTTP/1.1", "status": 401, "request_time": 0.000, "request_size": 246, "response_size": 390, "response_body_size": 172, "referer": "", "user_agent": "symbolicator/24.9.0", .....}
I see requests with a user-agent symbolicator/24.9.0 failing with HTTP 401 (unauthorized) from one of Sentry's IP addresses trying to grab my actual bundled .js files.
So the unminification fails not because the source map is not available but the actual minified source code.
How can I handle this use case? Should I use the bundler plugins (web pack / vite) to provide my sources to Sentry, are these uploading both my .js and .js.map files or just the latter?
For example the following documentation only mentions that the webpack plugin uploads source maps, does not mention anything about uploading bundled source files..
https://docs.sentry.io/platforms/javascript/sourcemaps/uploading/webpack/

[vpmedia]

Nevermind.. I've ended up solving this using sentry-cli, injecting debug ids than sourcemap upload with release tag. Everything is working perfectly.