Correct way to set HTTP referrers in "Accept requests from these HTTP referrers" field in google developer console - google-maps

I need to secure my paid Google Maps API key in the Google developer console.
I tried this in the 'Credentials' tab, in the API key settings.
Field label: 'Accept requests from these HTTP referrers ...'.
If I'm right, this *.dev2.urelay.xyz/* must be useful for this URL - https://dev2.urelay.xyz/
But it doesn't work for me; I got this error in my console:
Google Maps API error: RefererNotAllowedMapError https://developers.google.com/maps/documentation/javascript/error-messages#referer-not-allowed-map-error
Your site URL to be authorized: https://dev2.urelay.xyz/

*.dev2.urelay.xyz/* doesn't match https://dev2.urelay.xyz/ because it requires a period (.) that isn't in that URL.
dev2.urelay.xyz/* would match it. You only need the form *.dev2.urelay.xyz/* if you have a subdomain of dev2 that needs to host a map (like https://www.dev2.urelay.xyz/)

Related

Google maps API key HTTP restriction causes 403 error in geocoding API

I receive a 403 error in google maps API dashboard for the geocoding API after limiting the key to my domain. The geocoding works when the key is unrestricted. Currently I have the following as acceptable HTTP referrers:
https://website.com/*
https://www.website.com/*
This allows my basic javascript map and autocomplete forms to work on HTML pages. However, the geocoding is done through a python script that accesses website.com/markers (has no HTML page, just displays JSON data if you visit it). Is there a reason it will not work? The 403 error is what I see in the API dashboard, but I receive an internal server error message when visiting website.com/markers. When unrestricted, the dashboard shows response code 200 and I can see the correct JSON data. Therefore, I believe my code is not the issue.
Things I have tried:
Allowing “https://website.com/markers” as a referrer, as well as www. version of that, and http versions. Also used versions without http or https.
Changing to allow IP address of website (referrer not allowed error happens when I do this)
Double checking all references to API key in code. Code works in development and in production when unrestricted.
Double checked that all needed services are enabled in Google api console and not over quotas.
I have searched for this issue for hours and cannot find an answer, please go easy on me if I have overlooked something simple.
It sounds like you're trying to use the method of URL restriction intended for use with client-side web APIs. In that case, the public URL of the site is used in the validation.
You want to use the IP address validation, intended for server-side calls.
The following is from https://developers.google.com/maps/faq#keysystem:
API Key: An API key is a unique identifier that you generate using the Google API Console. API keys are generally used with the standard APIs. Premium Plan customers typically can choose to use a client ID or an API key. You can choose to use an API key without applying restrictions (called a “generic API key”) or a key with restrictions applied for greater security. APIs in any platform may use a generic API key.
You can optionally add a restriction (for example, IP address) to the API key. Once restricted, a key will only work on platforms that support that type of restriction. Four types of API key restrictions are available:
IP addresses (individual servers) - for use with the web service APIs.
HTTP referrers (web sites) - for use with the Web APIs.
Android app restriction (by package name and fingerprint) - for use with the Android APIs.
iOS app restriction (by iOS bundle identifier) - for use with the iOS APIs.
You need a different key for the webservices. You can't apply both HTTP and IP restrictions on the same key. You need HTTP Restrictions on your Google Maps Javascript API v3 key and IP Restrictions on your web service key.

Google maps giving 403 when switching from http to https

I was able to successfully show Google Maps on this page when the URL was only http. Now, after making it https, it is giving errors like:
NetworkError: 403 Forbidden - https://maps-api-ssl.google.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d41.88098829471135&2d-87.65924221147355&2m2&1d41.88841667852121&2d-87.6252154211187&2u17&4sen-US&5e0&6sm%40347000000&7b0&8e0&9b0&callback=xdc._1eql41&token=45632
Any suggestions on what I am missing here?
Based on this documentation, your http request should look more like this: http://maps.googleapis.com/maps/api/service/output?parameters. HTTPS is required for all Maps API web service requests containing user data, or developer identifiers. Requests made over HTTP that include sensitive data may be rejected.
Also, the documentation section "HTTP and HTTPS protocols are considered different URLs" notes that if HTTPS is authorized, HTTP is not necessarily authorized. If you'd like to authorize both at once, you may add a domain without using a protocol: example.com/.
A 403 Forbidden error means that you do not have permission to view the requested file or resource. While sometimes this is intentional, other times it is due to misconfigured permissions.
Why am I receiving a HTTP 403 Forbidden response to my Maps API web service requests?
An HTTP 403 response indicates a permission issue, likely because the signature could not be verified for this request. This could be because:
A signature has been specified but is incorrect for this request.
The request specifies a Google Maps APIs Premium Plan client ID but does not specify a signature, and the web service being called requires that all requests made using a client ID include a valid signature.
A signature has been specified but the associated Google Maps APIs Premium Plan client ID has not been specified.
Hope this helps!

Cordova google map key api error

I have a cross-platform app with Cordova, but now the Google map is not working.
I have this error:
MissingKeyMapError
I tried to create a new browser API key in the Google console with "*" as the authorized URL, but it is still not working. I have this error: RefererNotAllowedMapError
The window.location.href of my app is: file:///Users/bahri/Library/Developer/CoreSimulator/Devices/757EE924-9884-44B1-BBF5-04CFF3D68C80/data/Containers/Bundle/Application/820BF808-DFF7-4AB0-8BF8-179D278E90D5/com.taxiwink.taxiwinkapp.app/www/index.html
How can I resolve this issue?
As of today (15 Jul 2020), the following HTTP referrers allow a Google map to be shown in a Cordova app:
iOS:
__file_url__//var/containers/Bundle/Application/*
__file_url__//private/var/containers/Bundle/Application/*
(credit to yannisalexiou for having added the last one which works from iOS13)
Android:
__file_url__//android_asset/www/index.html#/*
__file_url__//android_asset/www/index.html
cordova simulate (e.g. simulate ios --target=chrome):
127.0.0.1
localhost
The referrers go into the Google Console API management (API-Project, credentials, referrers) at:
https://console.cloud.google.com/apis/credentials/key/abcxyz?project=api-project-123456
NOTE: developed from the answers here https://github.com/wevote/WeVoteCordova/issues/55
MissingKeyMapError Error
The script element that loads the API is missing the required authentication parameter. If you are using the standard Maps JavaScript API, you must use a key parameter with a valid API key. If you are a Premium Plan customer, you must use either a client parameter with your client ID or a key parameter with a valid API key.
See the guide to API keys and client IDs.
From :
https://developers.google.com/maps/documentation/javascript/error-messages#deverrorcodes
https://developers.google.com/maps/documentation/javascript/get-api-key
Also:
Registering authorized URLs
To prevent a third party from using your client ID on their own website, the use of your client ID is restricted to a list of URLs that you specifically authorize.
To see the URLs you have already authorized or to authorize additional URLs:
Log in to the Google for Work Support Portal.
In the left-hand menu, click Maps: Manage Client ID.
You can add up to 100 URLs at a time, to a total of 3000 URLs. If you require higher limits, please contact support.
HTTP and HTTPS protocols are considered different URLs.
For example, if https://example.com is authorized, http://example.com is not necessarily authorized. If you'd like to authorize both at once, you may add a domain without using a protocol: example.com/
You should empty the list of authorized HTTP Referers for your key, in the API Console. This should make the map succeed (after a 5-min propagation delay).
Related issues (it's suggested to "star" them to get an update on their resolution):
Support API key restrictions with file:// referers
Google Maps API error: MissingKeyMapError when loading from file://
UPDATE
Good news, now you can use file:/ referrers. You can see the following text in the documentation
file:// referers need a special representation to be added to the Key restriction. The "file:/" part should be replaced with "__file_url__" before being added to the Key restriction. For example, "file://path/to/" should be formatted as "__file_url__/path/to/*". After enabling file:// referers, it is recommended you regularly check your usage, to make sure it matches your expectations
https://developers.google.com/maps/documentation/javascript/get-api-key#key-restrictions
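The matching rules stated in the answers above (a `*.` prefix requires a subdomain, an entry with a protocol authorizes only that protocol while a protocol-less entry authorizes both, and file:// referrers are stored with "file:/" replaced by "__file_url__") can be checked against a candidate restriction list before saving it. The following is an added example, not code from the original posts or from Google: it is a simplified model built only from those rules, and the function names `patternToRegex`, `normalizeReferrer` and `matchingEntries`, along with the sample page URLs, are assumptions.

```javascript
// Simplified model of HTTP-referrer restriction matching, built only from the
// rules quoted on this page. It is not Google's implementation.

// Escape regex metacharacters, then expand each '*' into the given wildcard.
const esc = (s, wild) =>
  s.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, wild);

function patternToRegex(pattern) {
  // Split an entry into optional scheme, host part, and path part.
  const [, scheme, host, path = ''] =
    /^(https?:\/\/|__file_url__)?([^\/]*)(\/.*)?$/.exec(pattern);
  // An entry without a protocol authorizes both http:// and https://.
  const schemeRe = scheme ? esc(scheme, '') : 'https?://';
  // A '*' in the host stays inside the host; a '*' in the path matches anything.
  return new RegExp('^' + schemeRe + esc(host, '[^/]*') + esc(path, '.*') + '$');
}

// file:// referrers are represented with "file:/" replaced by "__file_url__".
function normalizeReferrer(href) {
  return href.startsWith('file:/') ? '__file_url__' + href.slice(6) : href;
}

// Return the entries (possibly none) that authorize the given page URL.
function matchingEntries(href, entries) {
  const ref = normalizeReferrer(href);
  return entries.filter((e) => patternToRegex(e).test(ref));
}

// Constructed sample restriction list using entries quoted on this page.
const entries = [
  '*.dev2.urelay.xyz/*',
  'dev2.urelay.xyz/*',
  'https://website.com/*',
  '__file_url__//private/var/containers/Bundle/Application/*',
];

// Constructed page URLs; the directory name "ABC123" is a placeholder.
const pages = [
  'https://dev2.urelay.xyz/',
  'https://www.dev2.urelay.xyz/',
  'http://website.com/map.html',
  'file:///private/var/containers/Bundle/Application/ABC123/App.app/www/index.html',
];

for (const p of pages) {
  console.log(p, '->', matchingEntries(p, entries));
}
```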

Reverse geocoding

I have a worker (servlet) called by a queue in google app engine.
I can call an external URI for reverse geocoding like: http://nominatim.openstreetmap.org/reverse?format=xml&lat=51.0475&lon=3.5323&zoom=18&addressdetails=1
But when I try to call the "The Google Geocoding API" with/without the key parameter: http://maps.google.com/maps/api/geocode/json?latlng=51.0475,3.5323&sensor=false, I always get the following message: Attempt to access a blocked recipient without permission. (mapped-IPv4)
The billing is active, the key is also defined in the dev console, and the URL with the key works in my browser but not from App Engine.
Any ideas? Thanks
To avoid the issue, I no longer use the org.apache.http.client package; I now use the com.google.appengine.api.urlfetch package.
Now the URI to Google also works.
Thanks

Google Maps JavaScript API v3 for Work UnauthorizedURLforClientIdMapError

I'm using Google Maps Web Services API for work, and they've given me a client ID. When I load up the main page, I don't get an error. However, when I click a sub-page, eg localhost:8080/pages/page.xhtml, I get an error called UnauthorizedURLforClientIdMapError, with the message that this URL is not authorized to use the provided Google Maps client ID.
For reference, Google discusses it in its documentation here: https://developers.google.com/maps/documentation/business/clientside/auth#registering_authorized_urls
With all that being said, I'm currently testing my server with TomCat using the URL http://localhost:8080. This domain has been authorized, as has my individual IP. In my view files, I'm adding this:
<script src="https://maps.googleapis.com/maps/api/js?client=MY_CLIENT_ID&v=3.19&channel=MY_CHANNEL" type="text/javascript"></script>
where 'MY_CLIENT_ID' and 'MY_CHANNEL' are obviously changed to suit my needs (my client id and channel are correct). I've searched through stack overflow and also read all of the relevant Google Documentation but I feel like I'm missing something very small (or large, I'd hope not though).
What's going on?
Each URL that uses Google Maps for Work with the ClientID must be authorized to use that clientid.
You can find all the details here. But this is the summary:
The domain name or IP address does not have to be publicly accessible
All subdomains of a specified domain are also authorized.
All subpaths of an authorized path are also authorized.
Paths are case sensitive.
You may restrict valid URLs to those using certain ports.
HTTP and HTTPS protocols are considered different URLs.
If you are getting the UnauthorizedURLForClientIdMapError, look through the URL authorization rules and see if you simply need to add the URL to the list of authorized URLs.
Btw, here is the list of Google Maps API Error Codes with explanations.
You must allow the referred URLs related to that Client ID in the Google support management portal.
Access the Google Support Management portal - http://www.google.com/enterprise/portal - and log in with your enterprise Google account. Then, in the left menu, go to the "Maps, Manage Client ID" link, select your client ID in the combo, and in the "Enter the URLs" textarea, write the referrer URL you want to authorize and click on the "Add URL" button.
If you are using a ClientID instead of an API key to authenticate to Google Maps services, the referrer URLs must be authorized here. If you are using an API key, you must authorize the referrer URLs from the Google developers console.