HTTP 403 on images loaded from googleusercontent.com - html

First off, I don't think my problem is related to these questions: question 1, or question 2.
Because I'm not using authentication anywhere, or any library either (I don't need to).
I'm simply loading some publicly-available album art images in my web application:
<!-- urlList is an array that contains URLs like the examples given below -->
<img *ngFor="let url of urlList" [src]="url">
Example URLs:
Glass Mansion, Summertime, Side Effects
99% of the time, it works. But sometimes I get 403 errors on the console for those exact same URLs.
I know they're not related to authentication, because, well. These URLs are publicly accessible.
Debugging this has been difficult, because a few page refreshes later, it magically works again. There's nothing out of the ordinary in logs either (except the GET 403 errors).
What in the world is happening?
I'm using Angular v7.2.15. Browser: Google Chrome

Add referrerpolicy="no-referrer" attribute
<img src="your-google-link-here" referrerpolicy="no-referrer"/>
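What that attribute changes on the wire, as an added example that is not part of the original answer: the function below applies the W3C Referrer Policy rules to compute the `Referer` header a browser sends with an image request under each policy value. The page and image URLs are constructed placeholders, and treating only `https:` as a trustworthy scheme is a simplifying assumption.

```javascript
// Added example: Referer header value per Referrer-Policy (W3C Referrer Policy).
// Assumption: "potentially trustworthy" is simplified to the https: scheme only.

// Strip credentials and fragment; optionally reduce the URL to its origin.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  u.username = "";
  u.password = "";
  u.hash = "";
  if (originOnly) {
    u.pathname = "/";
    u.search = "";
  }
  return u.href;
}

// Returns the Referer string, or null when no Referer header is sent.
function computeReferer(policy, documentUrl, requestUrl) {
  const doc = new URL(documentUrl);
  const req = new URL(requestUrl);
  const full = stripForReferrer(documentUrl, false);
  const originOnly = stripForReferrer(documentUrl, true);
  const sameOrigin = doc.origin === req.origin;
  const downgrade = doc.protocol === "https:" && req.protocol !== "https:";

  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : null;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin": return downgrade ? null : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default: throw new Error(`unknown referrer policy: ${policy}`);
  }
}

// Constructed sample values: a hypothetical app page and a placeholder image URL.
const PAGE = "https://app.example/albums/42?user=alice#track-3";
const IMAGE = "https://googleusercontent.com/CONSTRUCTED_IMAGE_ID";

for (const p of ["no-referrer", "origin", "strict-origin-when-cross-origin", "unsafe-url"]) {
  console.log(p.padEnd(32), computeReferer(p, PAGE, IMAGE));
}
```

With `no-referrer` the image host receives no `Referer` at all, while `unsafe-url` discloses the full page path and query string to it.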

Within several Google APIs (like the Gmail API, for example), Google uses HTTP 403 and/or HTTP 429 in order to rate-limit certain requests over certain time periods. I do not know what method you are using, if you are using some sort of API etc., nor do I know how busy or large your web app is. But rate limiting or fair use compliance could be coming into play.
Gmail API Rate Limit Info Source - https://developers.google.com/gmail/api/v1/reference/quota

Related

Network request made by a website is not showing in Chrome DevTools nor Fiddler

This situation cannot be easily reproduced because the website requires login through Steam.
The webpage shows a list of items that can be purchased. Whenever a new item is listed, it will appear at the top of the list of items. However, when checking Chrome DevTools and Fiddler, I cannot find the Request that is made that contains the data of the newly listed items. In fact, there are no requests made at all.
I am not using any filters in Chrome DevTools.
How is this webpage retrieving data from the server, and why are Chrome and Fiddler not picking up on it?
This question contains the answer: POST request not showing up in Chrome DevTools
jvda:
This is a common source of confusion when debugging networking requests done from the web. Normally, developers look at these network requests from top down and assume that the lowest one is the most recent request made - therefore assuming that the request must be at the bottom. For 'plain' HTTP this is correct. However, many apps that want to show data in real time use WebSockets to communicate with an API.
The same thing happens in the Web-version of Whatsapp. Only assets like the actual JavaScript-app, icons etc are loaded using plain HTTP. Then, a WebSocket is opened through which messages are exchanged for example.
I thought this question was irrelevant but I guess it was not. The data is exchanged through WebSockets

Google drive preview "/image" API doesn't work anymore?

A few days ago I was able to make a request to:
https://drive.google.com/a/{{domain}}/file/d/{{docDriveId}}/image?pagenumber=1&w=400
Via this API I was able to get image preview on multi-page documents.
Seems it's there, but it times out after some time. It doesn't work anymore. Does anyone know what happened? It seems there's no documentation on this API.
On the other hand, I am aware of the thumbnailLink URL when getting document object via API, but this will only get 1st page preview.
Any alternative solutions to this?
Thanks a lot,
M
That URL is not a part of the official Drive API and is not guaranteed to remain stable. The Drive API doesn't include the ability to fetch per-page image previews of documents, but you may want to investigate using the embedLink as an alternative: https://developers.google.com/drive/v2/reference/files

Different errors (quota, disabled, bad API key, or none) when loading Google Maps API JavaScript

We ported our site to Google maps, but we get different errors when loading a map using the JavaScript Maps API (v3 of course). Other times the map loads correctly. The two most prominent errors are:
"Google has disabled use of the Maps API for this application. See the
Terms of Service for more information
http://www.google.com/intl/en_US/help/terms_maps.html." (JS Alert)
And:
"This site has exceeded its daily quota for maps. If you are the
creator of this site, please visit the documentation to learn more."
(this is a DOM overlay)
Live minimal example:
This code is not yet live but there's a minimal example here: http://mappat.com/maptest.php. It is simply Google's own Hello World example with our key filled in and even that gives problems.
Network traffic inspection:
I noticed the first error is shown when 'AuthenticationService.Authenticate' fails (returns [0,5,0]), the second when 'QuotaService.recordEvent' returns [0,null,0]. These are remote calls from within the SDK and I don't know if these details are relevant.
What we tried:
Billing is enabled by the way and we stay way below our quota limits. I tried a lot of things already, new key, waiting a few days, turning the Maps API off and on again in the console, etc. I filled in the allowed referrers but also left it open to allow others. No difference.
I don't dare to start a new project in the dev console because this whole thing started when I did actually just that because I had (different) problems with the server-key. That server part is now working flawlessly btw, kind of ironically.
[Edit: I just tried to leave out the API key when loading the JS maps file, which, fingers crossed, seems to work. But now the server-side calls to places/searchtext start to give random "The provided API key is expired." errors, again (same reason we created the new project). Coincidence? Also, I don't like this option, especially with regards to the future (reaching 25k, going beyond and going Business Account)].
So, I'm stuck. Hence my first SO question ever. Could it be that we are blacklisted? Perhaps because of the duplicate project? Is there a way to find that out and/or to get us 'reset'? Or am I simply overlooking something?
Any help is appreciated because until we solve this, this is a deal-breaker.
Sidenote: I also filed a bug report because I think giving random errors on itself is not expected behaviour. It's up to the dev team to decide if they agree. If not, we still have a problem, hence this SO question.
I think you have a syntax error in your php var dump:
<script type="text/javascript" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyDYuWR5wqux1_iTmfIWPveheIOr5PhqjEs&?>sensor=FALSE&language=en">
</script>
you have ?> just before sensor
This issue magically disappeared after a week or so.
I didn't get any response from Google, but they may have changed/reset something behind the scenes, of course. The bug is still marked 'new', by the way.
My advice to others having this issue is to first check some basic things, since the individual errors I got could also result from actual things you're doing wrong (i.e. a mistake in allowed-referers). If all seems okay after triple checking, just remove the API key from the request, test along like that for a while and retry in a couple of days.

What is this Google URL

I've recently written a script that monitors all web traffic on my site, pages visited and HTTP referrers etc. The only thing is this URL pops up quite a lot:
http://www.google.com/aclk?sa=L&ai=CpEvvFIUuU-HsL-KLsQeToYAQ0p6OgwTSx7TDZZCY14MBCAAQAVDi_eSK-v____8BYMmG_4fwo-wSyAEBqgQfT9AXzXKHZOapkrGJKMmlEyCHmzHyLx_B7YlQXndIb7oFEwjb7J2xiai9AhVkTjIKHdpMAFPKBQCAB6LT4CuQBwM&ei=FIUuU9uSLOScyQHamYGYBQ&sig=AOD64_22JDmj354Hn
But when I go to it, it is just blank. Any idea what it might be?
As per this post : http://clicky.com/forums/?id=6591
It seems to be something Google uses to track clicks on ads, with aclk being short for ad click.
And it returns a blank page as the link throws a bad request error, when accessed directly. Which essentially means no page has been loaded. (check console).
This is a result of obfuscation techniques called "Secure Search" implemented by Google a couple of years ago to prevent traffic analysis tools from gathering Keyword/User data due to privacy concerns.
It is caused by the user being logged in with their Google account when they click through to your website, therefore the URL is unique to each user session and this is why it returns a blank page.
In Google Analytics this results in (not provided) keyword data accounting for around 80% to 90% of all referrals.
More info here:
http://searchenginewatch.com/article/2296351/Goodbye-Keyword-Data-Google-Moves-Entirely-to-Secure-Search

Google Maps API Blocked for certain server

Google Maps API static maps is blocking my website's maps. The site is on a load balancer, so the map is only blocked on one of the servers and seems to be only blocked when viewing the map that was sent in an email. The users see a red X with a throttle image representing overused.
If I view the map in a browser using the Javascript V3 version of the same map on the same device, it is fine. Or if I end up on another server (load balancer), then it is fine. It is just a specific server viewing an email with the map in the email.
http://maps.google.com/maps/api/staticmap? (example - doesn't work outside of the code)
My question is to try and understand what is happening. When viewing an email with the Static map, it is the end user (receiver of the email) that is downloading the Map. There is no way any of them reached a 2,500 view limit in a day. All the emails come from one server, but when viewing I do not think this is a factor since it is only when I am on a specific web server that I get the problem.
Can anyone explain what is happening?
BTW, I have contacted Google Business Premier group and have not received a response yet. I need a work-around while I figure out what and if they want to charge me.
I'd make sure that you're not embedding the image itself in the email, but instead are including an <img> tag that loads the map directly from Google. If your email blasting program is downloading the image and embedding it in the email you could easily go over that limit based on how many images and emails you send.
It would be worth looking at the HTML source of the email and making sure that you're loading the map directly from Google. If you are, any over quota problems you've run into might be limited to your current IP address. Checking the email from a different IP (simulating one of your end users) should be a much better test.