I have generated an API key to consume the JS Maps API and added a few restrictions such as:
*.mysite.com
mysite.com/events/*
Now, if I include the script in a page that is served from a domain that is not mysite.com I see:
Google Maps JavaScript API error: RefererNotAllowedMapError
https://developers.google.com/maps/documentation/javascript/error-messages#referer-not-allowed-map-error
Your site URL to be authorized: https://null.someotherdomain.com/
This is all ok.
Now, if I request locally a Google APIs URL like https://maps.googleapis.com/maps/api/streetview?size=400x400&location=40.720032,-73.988353&fov=90&heading=235&pitch=10&key=MY_API_KEY
As long as MY_API_KEY exists, I do get a valid response, via either a curl or by using a browser.
Shouldn't this content be prevented from rendering at all since the key is meant to serve only requests coming from mysite.com?
I also tried restricting the key even more and removing the access to the JS Maps api and it still returns a Street View image.
I might be missing something entirely obvious here, can anyone shed some light?
EDIT
Another restriction that I put in place is by API:
As you can see, the Street View API is explicitly disabled
Related
I am developing a android application using cordova and I am facing a issue regarding google maps javascript api.
We have a purchased API and included it in the following format ..
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false&client=<?php echo MAP_CLIENT; ?>&signature=<?php echo MAP_SIGNATURE; ?>"></script>
Using this particular script works absolutely fine in the web browser but is showing a error as follows.
Oops! Something went wrong. This page didn't load Google Maps
correctly. See the JavaScript console for technical details
As you are using the Premium plan with a client parameter you should authorize the URL you are loading an API from in your Google cloud support portal.
To prevent a third party from using your client ID on their own website, the use of your client ID is restricted to a list of URLs that you specifically authorize.
To see the URLs you have already authorized or to authorize additional URLs:
Log in to the Google Cloud Support Portal.
In the left-hand menu, click Maps: Manage Client ID.
You can add up to 100 URLs at a time. A Client ID may be associated with up to 3000 authorized URLs. If you expect your application to host Google Maps content from more than 3000 locations, you should switch to using API keys instead.
source: https://developers.google.com/maps/documentation/javascript/get-api-key#registering-authorized-urls
In order to figure out what is the URL that you should authorize, check the value of the window.location.href in you hybrid app. This value should be added to the list of authorized URLs.
Also note that Maps JavaScript API doesn't have signature parameter. You must delete it, especially if you expose there your cryptographic key which must be private.
I hope this helps!
After getting an access-token, I don't know how to use google API.
I tried to add 'access_token' but the error message displays 403: the request cannot be identified with a client project. Please pass a valid API Key with the request.
so I mixed up because I didn't get any API Key from OAuth. Please, does anyone knows how to get valid API key?
Have you looked at Using OAuth 2.0 for Client-side Web Applications?
The process is described quite nicely there. If you successfully received and verified the access_token, you can scroll down to Calling a Google API to see how to make API calls using the access_token.
If you need help with using a specific Google API, visit that API's documentation page. (e.g. Maps API, Drive API etc.)
Make sure you have needed APIs enabled and relevant credentials set up correctly from the Google API Console
You have to provide the api key along with the url; to do that just add the parameter "key=API_KEY", for example:
sheets.googleapis.com/v4/spreadsheets{{spreadsheet ID}}/values/{{the name of the spreadsheet}}!A1:D3?key={{API_KEY}}
I have an single page application built using AngularJS. All requests gets served up the index.html, and from there, Angular takes on the routing and queries a set of API endpoints to get the data to display.
The title and SEO metadata and description for the site is obtained the same way. The catch is that the API endpoint is on a different domain so the SPA is actually doing cross origin requests to get the data.
Everything works fine from a users point of view. However, when google crawls the site, it does not pick up any metadata or title, instead, it just shows the angular tags.
Looking through the site logs, I can see requests with Google bot only doing an OPTIONS request and not following with the actual GET.
How can I get google to index the page properly?
Here is a screenshot of what it is looking like:
The site is https://www.careercontroller.com
Any help would be appreciated.
NOTE: I know I can get this to work by generating static HTML from the server using PhantomJS or something, but I'm looking to get Google to index it properly since according to them, they crawl AngularJS apps just fine.
I have actually got this to work before, except the requests are not cross-domain, so could that be the problem?
This is a common issue that is solved by products like prerender.io
I am getting the error RefererNotAllowedMapError from some PC's when I load a page on my site.
RefererNotAllowedMapError
The current URL loading the Google Maps JavaScript API has not been
added to the list of allowed referrers. Please check the referrer
settings of your API key on Google Cloud Console.
See API keys
It works OK on FireFox from 3 out of four of the machines I have tested.
Generally this would mean that the domain is not added as a referer in my API console but it definitely is, and it definitely works on other machines.
Anyone else had this issue or able to provide some guidence?
Recreating the API key at console.developers.google.com fixed the issue for me.
Try to add all type of urls like:
http://stackoverflow.com/*
http://www.stackoverflow.com/*
*.stackoverflow.com/*
Definitely it will work.
Note the DOT at the beginning of the expression, it's a char!
*.stackoverflow.com/* // this will not work with http://stackoverflow.com and will allow for domains such as demo.stackoverflow.com
Replace above with:
*://stackoverflow.com/* // now it will cover all domain variation but not subdomains.
For me to use Places API I had to turn on Maps JavaScript API
This gives error because your Google map API key is not a browser key. Create new key as 'browser key'. This option is available when you create a new key.
I had a similar issue where I was trying to use the API but had it restricted to Map product only. It generated the same error even though http referrer box had nothing in it (open for all). The problem went away after recreating a new key without any product restriction.
Creating an new Browser Key fixed it for me.
https://console.developers.google.com/projectselector/apis/credentials
RefererNotAllowedMapError Error The current URL loading the Google
Maps JavaScript API has not been added to the list of allowed
referrers. Please check the referrer settings of your API key on the
Google API Console.
See API keys in the Google API Console. For more information, see Best
practices for securely using API keys.
The only thing that worked for me was to create a brand new key w/no restrictions, including no API restrictions.
This won't be a working solution in the production environment, but it allows us to move ahead w/development.
The solution to every/such Maps Javascript API error varies for different scenarios for different developers. A list of errors with detailed description is given by google here
Nevertheless please refer the below snap:
As you can see above under Application restrictions just by selecting the HTTP referrers won't do. You have to add a URL(i.e the URL of the website from which the api will be called to render the map).
Now the exact page(in my case the contact us page) which is gonna make the request to the api needs to be mentioned in the url and not just the domain.
Please go through the examples given in the documentation on the right
Adding a /* after the domain url like http://www.telesuprecon.com/* will make the request possible from any page within your website.
I am trying to render google maps with the following link inside QlikView application
http://maps.google.com/staticmap?center=23.01,84.49&zoom=5&maptype=roadmap&size=640x400&key=XXXXXXXXXXXXXXXXXXXXXX&.jpg
(I have created a BROWSER API key)
The error message I am getting is (not in QlikView, but in browser, when I try to render the link using browser):
The Google Maps API server rejected your request. This site or IP is not authorized to use this API key.
I have actvated following Google services on my account:
Google Maps Android API v2
Google Maps JavaScript API v3
Static Maps API
Translate API
Already found this thread on StackOverflow: The Google Maps API server rejected your request
I have tried the following:
make sure the Referers is set to Any referer allowed
Make sure you have enabled "Static Maps API" service in addition to "Google Maps API".
Unfortunately, I am still getting the same error message.
Can anyone help please? Thanks.
generate key from https://console.developers.google.com/ for maps api of type browser key. And make sure that while calling document.referrer should be set to your domain.
Google API keys are binded to Domain Names, if you request a Google Service from a site that is not whitelisted the request gets tossed.
Go to your Google Console. https://console.developers.google.com/
Click in the left Menu API's & Auth then Credential
Under Public API access click create new key and choose on the next Page Browser Key. You are now forced to enter all Domain Names that are allowed to make API request with this key.
Enter your Domain names use the new key and you should ready to go.