5

Google API key restriction - HTTP referrers

I put my Azure website url xxxx.scm.azurewebsites.net there but doesn't work (Google Places API Web Service stops working).

localhost:44300 doesn't work either.

I have to set key restriction to 'None', then Google Places API Web Service will work.

What did I do wrong?

xomena
  • 31,125
  • 6
  • 88
  • 117
martial
  • 3,773
  • 8
  • 33
  • 43
  • 1
    Ran into the same issue above. Tried Key restriction using IP address and it still didn't work. Has anyone had any success using Key Restrictions and can confirm the exact steps. Works fine without restrictions seems strange that Key Restrictions aren't simpler to setup using HTTP referrers or IP address so must be missing something. In our use case we are using Google Site Search as a websites search page so the origin of the search should be easy enough to restrict as being the genuine source of the query. – Robin Mar 27 '17 at 13:14
  • Possible duplicate of [Googlemaps API Key for Localhost](https://stackoverflow.com/questions/39329874/googlemaps-api-key-for-localhost) – Liam Jan 26 '18 at 14:16
  • Possible duplicate of [Google Maps v3 API key won't work for local testing](https://stackoverflow.com/questions/23118546/google-maps-v3-api-key-wont-work-for-local-testing) – emersonthis Jan 28 '18 at 16:43

3 Answers3

6

Web Service is supposed to be executed on backend servers, so the correct restriction for web services is IP restriction.

HTTP referer restriction is used for client side services like Google Maps JavaScript API, it won't work with web services.

xomena
  • 31,125
  • 6
  • 88
  • 117
  • 2
    What if sending requesting from Google Appengine servers. Doesn't the IP change? How would you do IP Restricting? How would you find out the IP? – mparkes Sep 10 '18 at 00:14
0

To accept requests over localhost and HTTP (HTTP referrers) in Google Maps API, follow the instructions in the javascript console printed out by the Google Maps API (it tells you exactly what to do):

Google Maps API error: RefererNotAllowedMapError https://developers.google.com/maps/documentation/javascript/error-messages#referer-not-allowed-map-error

Your site URL to be authorized: http://localhost:3000/en

The line Your site URL to be authorized indicates which value you have to set up in Accept requests from these HTTP referrers (websites)

In this case, e.g. for a Ruby on Rails App, it is:

http://localhost:3000/en

But you can do better, by using asterisks for wildcards:

*localhost:3000/*

To set the value to localhost:3000/* does not work!

viktorianer
  • 92
  • 2
  • 5
0

I have Wordpress click-to-deploy on the subdomain www.mydomain.com, in a VM on Google Cloud Platform with the account account_1@gmail.com.

Also, I have a web app on Firebase Hosting on subdomain app.mydomain.com, with account account_2@gmail.com.

The user logs into Wordpress, the PHP backend creates the user in Firebase Auth via POST API Rest, receives the response, and allows or disallows access to the application.

To prevent malicious use of the Firebase API (which is visible in the app) I enabled HTTP restrictions.

In these restrictions I put:

  • the domains of my application (*.mydomain.com/* and mydomain.com/*).
  • the firebase functions domain (*.firebaseapp.com/* and firebaseapp.com/*).
  • the google analytics domain (*.googleapis.com/* and googleapis.com/*).

I thought it would be enough but Wordpress stopped being able to send information.

SOLUTION: I used 'ping' in the linux terminal, pointing to my Wordpress site (ping www.mydomain.com) and got the following:

64 bytes from xx.yy.zzz.aa.bc.googleusercontent.com (xx.yy.zzz.aa): icmp_seq=70 ttl=56 time=199 ms

I copied the root domain (googleusercontent.com) and added it in the API restrictions and voila, it worked.

(Sorry if my English has mistakes).

Juan Guillermo
  • 1