Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Setting HTTP Referrer on Maps API Browser Key Results in 403 Error

I'm confused about how the HTTP Referrer settings work on Google Maps API Browser Keys.

I'm building a webpage that programatically requests images from Google Maps (primarily the Google Maps Street View Image API, but also does some queries of MaxZoomService and the Static Maps API from the Javascript API).

If I create a Browser key without an HTTP Referrer, it works great.

If I create a Browser key with an HTTP Referrer that matches the domain the page is loaded from, I get 403 errors. I'm using a referrer like *.mydomain.com/*

What's going on? If i set the HTTP Referrer to match the domain the page is loaded from, wouldn't that be correct usage of the referrer? I can go without, but am afraid that opens me up to others grabbing my key and using it. Am I misunderstanding how the referrer works?

like image 828
mix Avatar asked Nov 23 '15 22:11

mix


People also ask

Why is my Google Maps API key not working?

There are a several reasons why your google maps may not be working, the most common issue being no Google Map API key set or set incorrectly. To use the Google Maps JavaScript API, you must register your app project on the Google Cloud Platform Console and get a Google API key which you can add to your app.

How do you solve API keys with referer restrictions Cannot be used with this API?

API keys with referer restrictions cannot be used with this API. When you set the referrer for the server key to the domain name instead of the IP address, then it will show this message. To fix this change the restriction from 'HTTP referrers' to 'IP Address' for the server key.

How do you add a referrer to Google Maps?

To add a new referrer, click "Add an item", enter the referrer URL and click Done. After all the needed referrers have been added, click SAVE at the bottom of the page.


2 Answers

According to the HTTP referrer placeholder in the console, the *.example.com/* should indeed work.

In practice, though, this indeed doesn't seem to be the case!

I was able to solve the issue by simply setting the referrer to:

example.com

For more information, have a look at Registering authorized URLs. Good luck!

like image 163
Julian Laval Avatar answered Nov 02 '22 23:11

Julian Laval


If you use *.example.com/* you would have to come from either www.example.com or another subdomain, but this won't work if you are coming from example.com (notice the period in the first part of the URL)

If you have some sort of redirect to example.com that strips out the first part of the URL, the best regex to use in this case is simply *example.com/* that would cover all subdomains behind example.com, http or https and all contexts after your domain.

Hope it helps.

like image 22
Daniel Mendoza Avatar answered Nov 02 '22 23:11

Daniel Mendoza