Google maps giving 403 when switching from http to https - google-maps

I was able to successfully show the google maps on this page when the url was only http , now I after making it as https , it is giving errors like :
NetworkError: 403 Forbidden - https://maps-api-ssl.google.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d41.88098829471135&2d-87.65924221147355&2m2&1d41.88841667852121&2d-87.6252154211187&2u17&4sen-US&5e0&6sm%40347000000&7b0&8e0&9b0&callback=xdc._1eql41&token=45632
Any suggestions on what I am missing here?

Based from this documentation, your http request should look more like this: http://maps.googleapis.com/maps/api/service/output?parameters. HTTPS is required for all Maps API web service requests containing user data, or developer identifiers. Requests made over HTTP that include sensitive data may be rejected.
Found also in this HTTP and HTTPS protocols are considered different URLs documentation that if HTTPS is authorized, HTTP is not necessarily authorized. If you'd like to authorize both at once, you may add a domain without using a protocol: example.com/.
A 403 Forbidden error means that you do not have permission to view the requested file or resource. While sometimes this is intentional, other times it is due to misconfigured permissions.
Why am I receiving a HTTP 403 Forbidden response to my Maps API web
service
requests?
An HTTP 403 response indicates a permission issue, likely because the
signature could not be verified for this request. This could be
because:
A signature has been specified but is incorrect for this request.
The request specifies a Google Maps APIs Premium Plan client ID but does not specify a signature, and the web service being called
requires that all requests made using a client ID include a valid
signature.
A signature has been specified but the associated Google Maps APIs Premium Plan client ID has not been specified.
Hope this helps!

Related

I have 2 unclear fields in console for Google Drive

Adding Create OAuth client ID in google console for Google Drive I encountered 2 unclear parameters :
Authorized redirect URIs and Authorized JavaScript origins:
Having home page of my site as
https://tads.my-demo-apps.tk
I filled with some url for this site : https://prnt.sc/ydQ2NCQO9Isu
My site has not any pages with such urls, but I can add them later.
Which urls these pages must have ?
Thanks!
For the redirect URIs you can check on the documentation on Create authorization credentials from Using OAuth 2.0 for Web Server Applications:
The redirect URIs are the endpoints to which the OAuth 2.0 server can send responses. These endpoints must adhere to Google’s validation rules.
And the javascript origins are explained on Create authorization credentials from OAuth 2.0 for Client-side Web Applications:
Applications that use JavaScript to make authorized Google API requests must specify authorized JavaScript origins. The origins identify the domains from which your application can send requests to the OAuth 2.0 server. These origins must adhere to Google’s validation rules.

Correct way to set HTTP referrers in "Accept requests from these HTTP referrers" field in google developer console

I need to secure my paid google map API key in google developer console.
I had try this in 'Credentials' tab, in api key settings.
Field label 'Accept requests from these HTTP referrers ...'.
If I'm right, this *.dev2.urelay.xyz/* must be useful for this URL - https://dev2.urelay.xyz/
But it doesn't work for me, I got this error in my console
Google Maps API error: RefererNotAllowedMapError https://developers.google.com/maps/documentation/javascript/error-messages#referer-not-allowed-map-error
Your site URL to be authorized: https://dev2.urelay.xyz/
*.dev2.urelay.xyz/* doesn't match https://dev2.urelay.xyz/ because it requires a period (.) that isn't in that URL.
dev2.urelay.xyz/* would match it. You only need the form *.dev2.urelay.xyz/* if you have a subdomain of dev2 that needs to host a map (like https://www.dev2.urelay.xyz/)

CORS issue doesn't occur when using POSTMAN

I have been using POSTMAN for sometime now for sending HTTP requests like GET, POST, PUT for RESTful Webservices. Recently came across a situation, when sending a request to my REST API through browser, I got a message that
No Access Control Allow Origin Header is present on the Requested resource.
The solution was ofcourse to add such an header to the API.
However strangely, When I sent the the same request through POSTMAN I was able to get back the response.
So I want to know how is sending a request through POSTMAN different from sending a request through browser.
I went through this question: CORS with POSTMAN, but it really doesn't provide an answer in detail.
From Cross-Origin XMLHttpRequest in Chrome Develop Extensions documentation:
Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.
Basically browser extensions have more privileges than web content. In the case of Chrome extensions, there is an option to enable cross-origin access.

Differences: JSONP vs GET

That's my question, what are the differences between those requests ?
I am having an issue with get request I am trying to perform, I am getting the error
XMLHttpRequest cannot load http://urbanetradio.com/wp-json/posts. The 'Access-Control-Allow-Origin' header has a value 'http://localhost:8100' that is not equal to the supplied origin. Origin 'http://run.plnkr.co' is therefore not allowed access.
that get request is toward my-site-url/wp-json/postswhich is a WordPress account. And this is the method I am using
so, someone says, use jsonp instead of get, but why?
Jsonp is what is used for web APIs that support cross origin resource sharing. The article below gives an example of how to make a request that supports cors. If the webapi is not configured to allow requests from your host you may not be able to make it work without changing the api though.
Web requests that support cors:
http://www.html5rocks.com/en/tutorials/cors/
Setting up a web api that uses cors:
http://mobile.codeguru.com/csharp/.net/net_asp/using-cross-origin-resource-sharing-cors-in-asp.net-web-api.html

Ajax Request in the same domain using jQuery

I have a question where my client is on http://web-dev.test.com and my MVC Services are on http://webdev01.test.com . So i am trying to use ajax GET and POST json requests from my client to mvc services but it is giving me cross domain error. Can anyone explain me what the problem is? and how I could resolve this?
Thankyou
From the documentation:
Due to browser security restrictions, most "Ajax" requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, or protocol.
Script and JSONP requests are not subject to the same origin policy restrictions.
Making it a JSONP request, if possible, should not cause you those issues. Otherwise I'm afraid you are not going to be able to successfully complete your request.
You have two options using JSONP or CORS
For CORS you set http headers for your service so that you client will have access to it, eg
Access-Control-Allow-Origin: http://web-dev.test.com