Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why don't I get a 'same origin policy' warning when using the Google Maps API?

I'm making a RESTful web service call in my JavaScript page and get the following warning:

"This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?"

Now I've read up on this and am aware of the cross-domain, same origin policy. However, I don't get such warnings when I consume other APIs like Google's Maps API. Clearly the domain is not the same as my local domain. What is the difference?

My initial guess is that Google is 'imported' into the page using the <script> tag while my REST consumption is using XMLHttpRequest. IF that is the case, what is the difference between these two approaches that one would merit a warning and the other not?

like image 686
Jordan Parmer Avatar asked May 29 '09 14:05

Jordan Parmer


People also ask

Why isn't my Google Maps API working?

There are a several reasons why your google maps may not be working, the most common issue being no Google Map API key set or set incorrectly. To use the Google Maps JavaScript API, you must register your app project on the Google Cloud Platform Console and get a Google API key which you can add to your app.

How can I tell if Google Maps API is working?

Go to the Credentials section, which can be accessed from the left side bar under Google Maps Platform > Credentials. Check that the API key you currently use on your website is listed.

Is Google Maps API free for commercial use?

You won't be charged until your usage exceeds $200 in a month. Note that the Maps Embed API, Maps SDK for Android, and Maps SDK for iOS currently have no usage limits and are at no charge (usage of the API or SDKs is not applied against your $200 monthly credit).

Do Google Maps API key expire?

Expiration of public API Key The fact of the matter is Public API keys don't expire. They are valid for as long as you don't delete them. So feel free to request as much public data for as long as you want, with in the limitations of your quota of course. Welcome to the would of Developing with Google!


1 Answers

The following might explain things: http://markmail.org/message/5wrphjwmo365pajy

Also, they employ some script hacks (e.g. inserting a script into the DOM to get requested data, instead of XHR).

like image 53
Jonathan Fingland Avatar answered Sep 23 '22 17:09

Jonathan Fingland