Menu
I'm confused about how the HTTP Referrer settings work on Google Maps API Browser Keys.
I'm building a webpage that programatically requests images from Google Maps (primarily the Google Maps Street View Image API, but also does some queries of MaxZoomService and the Static Maps API from the Javascript API).
If I create a Browser key without an HTTP Referrer, it works great.
If I create a Browser key with an HTTP Referrer that matches the domain the page is loaded from, I get 403 errors. I'm using a referrer like *.mydomain.com/*
What's going on? If i set the HTTP Referrer to match the domain the page is loaded from, wouldn't that be correct usage of the referrer? I can go without, but am afraid that opens me up to others grabbing my key and using it. Am I misunderstanding how the referrer works?
828
There are a several reasons why your google maps may not be working, the most common issue being no Google Map API key set or set incorrectly. To use the Google Maps JavaScript API, you must register your app project on the Google Cloud Platform Console and get a Google API key which you can add to your app.
API keys with referer restrictions cannot be used with this API. When you set the referrer for the server key to the domain name instead of the IP address, then it will show this message. To fix this change the restriction from 'HTTP referrers' to 'IP Address' for the server key.
To add a new referrer, click "Add an item", enter the referrer URL and click Done. After all the needed referrers have been added, click SAVE at the bottom of the page.
According to the HTTP referrer placeholder in the console, the *.example.com/* should indeed work.
In practice, though, this indeed doesn't seem to be the case!
I was able to solve the issue by simply setting the referrer to:
example.com
For more information, have a look at Registering authorized URLs. Good luck!
163
If you use *.example.com/* you would have to come from either www.example.com or another subdomain, but this won't work if you are coming from example.com (notice the period in the first part of the URL)
If you have some sort of redirect to example.com that strips out the first part of the URL, the best regex to use in this case is simply *example.com/* that would cover all subdomains behind example.com, http or https and all contexts after your domain.
Hope it helps.
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
