I was looking into JS docs, and steps to sentry in frontend JS is just:
- Refeer raven.js file
- Exec Raven.config(‘https://xxx@sentry.io/yyy’).install()
My question is, what prevents someone to inspect my code in browser, get my key and begin to mess with my logs?
For frontend JS you can whitelist specific origins in the project settings. Generally however if someone wants to be super annoying they can obviously submit data to you. That however is a general problem that cannot be solved with analytics/event processing solutions. You can just fight such people by blocking IP ranges in your settings.