Enable google maps api key in production environment - google-maps

I made a flask app and deployed it to a linux server on Linode. It is running and some of my pages are working. For example, the contact page works. However, some of them have an inset google map. Upon loading one of these pages, my map is visible for a split second, then a big gray exclamation! and the map is blocked.
While testing the app using Flask's built in development server in my remote environment, all my functionality worked. When moving to a production environment, I used nginx and gunicorn. And I think I did it correctly. Judging that I do see the google maps working for just a second, it looks like this is not the issue.
Do I need to enable my google maps javascript api key for the production environment somehow?

When I have a look at your source code, I see
https://maps.googleapis.com/maps/api/js?key=None&callback=initMap
So, you did not add the API key, so it cannot work.
Please see https://developers.google.com/maps/documentation/javascript/get-api-key for how to get a key.

Related

Google Maps API for both localhost & production server, as of April 2019

TLDR
My code works fine on my laptop when accessed as file://<path>/index.html, but neither on my laptop with an Apache server running when accessed as http://<path>/index.html, nor on my real (production) server. I see no errors on the console, but the map is just a grey rectangle.
[Update] I moved to LeafletJS shortly after asking this question, and recommend others to do so too.
It has been a few years since I coded any Google Maps applications.
It seems that, as of last year, it is now necessary to have an API key, by providing it with credit card details, and to provide it with each API call.
Unfortunately, there is a lot of of information about this, much/most of it out of date and/or contradictory.
Can anyone point to the canonical guide, preferably with screenshots, of how to configure this?
I wish to draw a map, and add some makers, which will require reverse geocoding, such that I provide a street address and convert it to lat/long in order to place the markers.
Sounds simple enough, but which of the many thousands of "helpful" site has gotten it right?
For instance, what seems to be the current Google help page speaks of
From the Navigation menu, select APIs & Services > Credentials.
On the Credentials page, click Create credentials > API key
But I can't even see that menu option :-(
[Update] If it helps any, the error message in the developer console said :
Geocoding Service: You must use an API key to authenticate each request to Google Maps Platform APIs. For additional information, please refer to http://g.co/dev/maps-no-account For more information on authentication and Google Maps JavaScript API services please see: https://developers.google.com/maps/documentation/javascript/get-api-key
[Update] I am trying to access the API like this
<script src="maps.google.com/maps/api/…>
and
var url = 'https://maps.googleapis.com/maps/api/geocode/json?address=' + comapnyLocation +'&key=XXXX';
$http.get(url)
[Update++] in the developer console, I see a bunch of errors along the lines of:
aliextension.com/wp-content/uploads/2017/08/JAR.png:1 GET https://aliextension.com/wp-content/uploads/2017/08/JAR.png net::ERR_CONNECTION_TIMED_OUT
I have no idea what aliextension is, nor does it appear in my code (maybe in some minified JS?)
Ok, it is something to do with AliExpress (Ali Baba). I removed it & the timeout messages go away, but I still have problems.
If I load the index.html into Chrome as a file://, then it works just fine. But, if I load it `as http://, where I have a Xampp Apache server running, the map box remains grey, although I see no error messages. The same thing happens on my real server :-(
This page should be your starting point:
https://developers.google.com/maps/documentation/javascript/tutorial
it helps you working with Google map javascript API.
To embedded a google map to your website read the overview page in the above link.
To add markers to your google map read this page:
https://developers.google.com/maps/documentation/javascript/adding-a-google-map
To do reverse geocoding read this page:
https://developers.google.com/maps/documentation/javascript/geocoding
That all i need to work with google map. I think you can do the same too.
The cause for this is quite likely an API key restriction.
In order to permit these host-names or IP addresses, you have to:
a) go to the credentials panel and select the according project, then click on "Api key".
b) there you can loosen the restrictions, for HTTP referrers (for web-sites)
... or for IP addresses (in case these are server-side requests).

Google Map display in localhost but not in live server

http://www.viethouserestaurant.at/
Please check above the site. Any one can help to solve my issue?
I have display google map at the last above the footer.
I can see the google map on my localhost but on live server i can not see.
Running it on a server requires an API key.
A potential issue could be that you didn't declare your website URL in the Google Maps API key page and only included localhost.
Find your API key in the console and add your websites URL

Cordova google maps api key safe enough

I wonder if my Google maps API key is safe the way I use it now. Because I have a Cordova application with Google maps, I have generated an API key. I cannot white-list the key to my domain, because it runs client side on the phone.
Also my API key is visible for anyone who unpacks my app and read the index.html, or listen to the web requests that the app makes.
Is there any way to protect my API key? And if there isn't, it is safe to use Google maps, or any other third party API that uses a API key for authentication?
I see two possible solutions to your problem. Both of them I have already personally implemented (not with GMaps though) but still have some downsides.
(1) You can use a backend technology to add in API keys to your requests. For this it is advisable to use a combination of something like Apache2 mod_proxy and mod_rewrite. In your application you then use URLs that point to your proxy server i.e. https://yourserver.com/js/googleapis/maps/api/js and make mod_rewrite this URLs to something like https://maps.googleapis.com/maps/api/js?key=API_KEY
A rule for mod_rewrite (not tested) could look like this:
RewriteCond %{QUERY_STRING} ^$
RewirteRule ^/googleapis/maps/api/js (.*)$ https://https://maps.googleapis.com/maps/api/js?key=API_KEY
I think you get the idea. The big advantage of this approach is that you can completely hide your private information on a server you control. The downsides are: If your app causes high traffic you will most likely experience high traffic on the proxy machine. Further if attackers figure out the URL to your Google Maps API proxy endpoint it will be easy for them to retrieve the GMaps API through your service.
(2) The second option would be to create a service to retrieve your API keys. Assuming your application already needs some form of authentication anyways you cold go a road where the API key service hands out the API key only to registered and authenticated users.
Both approaches will have their downsides regarding better tooling for debugging mobile-web applications. I.e. an attacker using MacOS, XCode and Safari on a desktop could establish a debugging session to your Cordova application and step debug the JS code that runs inside your App. Which means whatever stretch you make in the Cordova arena it is quite easy to attach to your App and read variables.
No credit to comment on accepted answer but personally, I'd go for the 2nd option suggested by Matthias Steinbauer. However, his concern about an attacker debugging your Production app doesn't apply to apps built with a Distribution Provisioning profile (such as required when submitting to the App Store) - only apps signed with a Developer Provisioning profile. The same goes for Google Apps too. IF it were possible to just debug a prod app, then say goodbye to security.
Having said that, an App's static content can be viewed by others (since app is just a zip file) - so don't hard-code any keys or security info.
Personally, I'd also obfuscate the source when building prod version.
Hope it helps

Google disabled use of the Maps API for V3

I am an amateur website developer but proficient in html and javascript.
I have a handful of websites using the Google Maps API V2 with no problem. I tried to upgrade to V3. I got a new API key and used the sample html (based on Australia) provided by Google. All I got was the 'disabled' message.
If I remove the key completely it works! What am I doing wrong?!! (www.gn45.com/gmap.html)
This message appears, because there's a particular domain whitelist, that is configured for each business account. By default, you can always access google APIs with an API key from localhost, but any other domain should be specifically set within account management.
With the mobile application, your index.html is read from the filesystem and then passed to in App Browser. Therefore google rejects a request to the API with API key. You can temporarily remove API key from your request and access the API without any, this way you'll have a 50k request/month limit, which should be sufficient for development purposes.
I'm looking for a way to configure this myself, as soon as I find one, I'll provide an update.

Google maps API v3 flash empty viewport

I'm using the google maps API v3 with flash and it works fine on one of my websites.
I transfered it to another website and changed the API key, but all I see is the default background color with no error message. Unfortunatly, I cannot access the flash source code.
Is there a way to debug the application or see some error messages without the source code?
Or maybe somebody has an idea of what is wrong?
Use Firebug Net monitor to see if all of the request are going through. That would be the first place that I would start. My guess is that there are HTTP Requests trying to get data from a domain that doesn't have a crossdomain policy allowing access from the new site you moved it to.
First of all maps V3 doesn't need a a key. I think you are combining parts of V2 (with key) and V3(which doesn't need key) so obviously there is something wrong in your code.