Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why don't I get a 'same origin policy' warning when using the Google Maps API?

Tags:

rest

javascript

security

cross-domain

google-maps

I'm making a RESTful web service call in my JavaScript page and get the following warning:

"This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?"

Now I've read up on this and am aware of the cross-domain, same origin policy. However, I don't get such warnings when I consume other APIs like Google's Maps API. Clearly the domain is not the same as my local domain. What is the difference?

My initial guess is that Google is 'imported' into the page using the <script> tag while my REST consumption is using XMLHttpRequest. IF that is the case, what is the difference between these two approaches that one would merit a warning and the other not?

like image 686
Jordan Parmer Avatar asked May 29 '09 14:05

Jordan Parmer

People also ask

Why isn't my Google Maps API working?

There are a several reasons why your google maps may not be working, the most common issue being no Google Map API key set or set incorrectly. To use the Google Maps JavaScript API, you must register your app project on the Google Cloud Platform Console and get a Google API key which you can add to your app.

How can I tell if Google Maps API is working?

Go to the Credentials section, which can be accessed from the left side bar under Google Maps Platform > Credentials. Check that the API key you currently use on your website is listed.

Is Google Maps API free for commercial use?

You won't be charged until your usage exceeds $200 in a month. Note that the Maps Embed API, Maps SDK for Android, and Maps SDK for iOS currently have no usage limits and are at no charge (usage of the API or SDKs is not applied against your $200 monthly credit).

Do Google Maps API key expire?

Expiration of public API Key The fact of the matter is Public API keys don't expire. They are valid for as long as you don't delete them. So feel free to request as much public data for as long as you want, with in the limitations of your quota of course. Welcome to the would of Developing with Google!

1 Answers

The following might explain things: http://markmail.org/message/5wrphjwmo365pajy

Also, they employ some script hacks (e.g. inserting a script into the DOM to get requested data, instead of XHR).

like image 53
Jonathan Fingland Avatar answered Sep 23 '22 17:09

Jonathan Fingland
Sign in to Comment

Related questions

Removing the $(window).resize Event in jQuery
How can I check if a string is all uppercase in JavaScript? [duplicate]
Why use parentheses when returning in JavaScript?
Uncaught TypeError: $template.get is not a function
jquery's live() is deprecated. What do I use now?
Google Maps in Grayscale
How to cut off string after the first line in the paragraph
Convert milliseconds to hours and minutes using Momentjs
Updating javascript object property?
Setting maxlength of textbox with JavaScript or jQuery
JavaScript calculating date from today date to 7 days before
Check if a string starts with http using Javascript
How to get the day of the week from the day number in JavaScript?
Google Charts tooltip flickering
Use jQuery to navigate away from page
Determine if string is in base64 using JavaScript
Scroll smoothly to specific element on page
Android Chrome browser address bar shifts fixed element hitareas
Jasmine Runs Test Three Times
Serviceworker must be a dictionary in your web app manifest

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!