Google Maps API 3 referrerNotAllowedMapError

I'm no stranger to Google Maps API, and have used it for years...but I am stumped. I've installed an exact copy of the latest code sample from Google Maps Javascript API: Simple Map. I then confirmed both my browser and server keys from Google Developers Console, and added the referer two different ways (see below). Code works when I set the referer to * wildcard in console, but I cannot use that in production.
Here's the skinny:
tested using latest example code from Google Maps API Javascript (Simple Map)
YOURAPIKEYHERE - replaced with an active browser key from my account
referer was tried as both *./domain.ext/* and domain.ext/*
Also tried a server key, with server IP as allowed referer.
CANNOT USE, BUT WORKED : used a wildcard for allowed referer using browser key, but I can't use that in production...anyone could use my key on my dime
SUSPECTED CULPRIT
Since the key works when I add a wildcard, but not with the referer domain name, it seems suspicious. This should indicate that the key works, but that the referer information is not getting passed to Google.
My site is behind CloudFlare. My research is not finding any answers anywhere, but I'm beginning to wonder if this could be the issue. Nothing else seems to work.

SOLUTION:
The google console specifically shows the format for this. But it is WRONG.
Instead of *./domain.ext/*
use: http://domain.ext/*
A special thanks to Google for crappy docs, and a very special thanks to the user that downvoted my question!
Note: Depending on your setup, it may be necessary to use: http://www.domain.ext/*
I did not test this as my use case excludes www.

I know you found a misconfiguration in your API key but I had the same issue and found a different fix.
Cloudflare can mess this up. Testing with mine now shows rocket loader and Brotli in the speed area stop google maps working. Deactivate them and clear the cache to fix.

Related

Google AppEngine API Explorer redirects and lists no URLs

I'm having an unending issue trying to use the AppEngine API explorer with the stupidly simple helloworld example.
When trying to navigate to the url to explore the API my Chrome browser redirects to HTTPS from the default HTTP and no API's are listed. I have gone through every possible fix I can find (Like this, and all of these) and none are working reliably.
What's the most infuriating is I have gotten the API listed TWICE but now no longer displays with any of the methods below.
The setup I had when it worked the first time:
Chrome launched with "C:\Program Files (x86)\Google\Chrome\Application\Chrome.exe" --unsafely-treat-insecure-origin-as-secure=http://localhost:8080 (As per the tutorial)
The url being: (http://)apis-explorer.appspot.com/apis-explorer/?base=http://localhost:8080/_ah/api&root=http://localhost:8080/_ah/api#p/
The second time it worked was also using the above URL but lasted only a second before being redirected to HTTPS and not listing anything.
Some specifics:
Windows 10 OS.
Every time the page loads I get the "The API you are exploring is hosted over HTTP, which can cause problems. Learn how to use Explorer with a local HTTP API." message, even the times the API displayed correctly.
Every time I now load any of the API Explorer URLs I get redirected to HTTPS, and nothing is listed. Also the URL is escaped (%3A instead of ':'). Not sure if it's important but the first time it worked the URL was HTTP and NOT escaped.
I have tried the shield in the search bar and enabling Load unsafe scripts (from here).
Tried launching Chrome as usual and with the flags --unsafely-treat-insecure-origin-as-secure=http://localhost:8080 and/or --allow-running-insecure-content (from this answer).
Tried http://localhost:8080/_ah/api/explorer
Tried http://apis-explorer.appspot.com/apis-explorer/?base=http://localhost:8080/_ah/api#p/
http://localhost:8080/_ah/admin works correctly and shows the Admin console every time.
Since the APIs were listed once, I haven't touched the project code, but restarted the server, Chrome, and tried different URLs on more occasions than I care to count.
I also tried accessing the API URL directly as explained in this answer but cannot find the correct URL to access the helloworld /sayHi endpoint. Maybe someone can help me work out what I need to prefix it with as all of the variations I try give me a 404.
Any help would be very, very appreciated.

Google OAuth 2 works only from localhost [duplicate]

I'm trying to set a web service that needs the user's Google Latitude info, so I'm using Google OAuth to get the user authorization stuff.
However, when trying to set the redirection URI in the Google APIs Console for a web application client ID I get a message error if I try to set it to 'http://PUBLIC_IP/'.
I need to test it with non local users (thus localhost can't be used), so I would like to know if having a web domain is mandatory in order to use Google's OAuth. If not, how can I solve this issue?
This is not currently supported. I filed a feature request and will update on progress.
Update: Essential app verification activities have continued to make support of IP address-based apps unlikely. These verification activities are necessary to provide protections against abuse of user accounts. In addition, the cost of setting up dedicated domains has been reduced significantly since this feature was requested. Please read other responses here about possible options.
You can use xip.io to work around it.
For example: '192.168.0.50.xip.io:3000' will resolve to '192.168.0.50:3000'
I ran into this issue too and so I entered a URL with a .com extension and also entered it into my /etc/hosts file. Works like a charm.
It totally sucks that my entire app now has to be developed on an apparently 'live' domain though.
I used my public hostname. It helps if you have a static IP address. I used http://www.displaymyhostname.com/ to get my hostname. I plugged it straight into the Authorized JavaScript origins field when I created a new Web Application Client ID.
P.S. My hostname looked something like this: 111.111.111.111.static.exetel.com.au
You can use a dynamic DNS. I used ddns.net which offers a free solution. Basically, you enter your FQDN as this: yourcompany.ddns.net as your domain. When looked up for an IP address, the .net domain points to ddns; when ddns.net is looked up, it looks up in its database for your company, returns the IP. So mine looks like this: https://wigwam.ddns.net and everything works fine. You don't need to buy a domain, you can substitute your known IP, and Google is happy with that.
Your IP must be static, of course.
Yes, as of now you still need to have a domain name to use Google OAuth in your application. If you have a static public IP and don't want to buy a domain name, you could use a free subdomain from FreeDNS to link to your public IP. Seemed to work well enough for me with a Django app.
Echoing what Breno said in response to his earlier comment:
Apologies for the lack of updates here. Essential app verification activities have continued to make support of IP address-based apps unlikely. These verification activities are necessary to provide protections against abuse of user accounts. In addition, the cost of setting up dedicated domains has been reduced significantly since this feature was requested. Please read other responses here about possible options.
You can read more about Google's app verification requirements [1] and Google's policies requiring secure handling of data [2].
[1] https://support.google.com/cloud/answer/9110914?hl=en
[2] https://developers.google.com/identity/protocols/oauth2/policies#secure-response-handling.
xip.io is not working anymore; as an alternative you can use nip.io the same way, for example:
10.0.0.1.nip.io:8000 will resolve to 10.0.0.1:8000
It seems like xip.io is down, but there are alternatives such as sslip.io and nip.io. However, I couldn't get either of these to work.
I ended up hosting the main file server on the main machine, and ran said server on a 192.168.1.xx IP address. I then ran servers on each of the test machines (including a second server on the main machine), all of which were on the localhost address. Any requests that the localhost servers received were then passed off to the 192.168.1.xx server, which allowed testing on all of the devices.
This should also work with public facing IP addresses.
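An added example (not from the thread and not Google's own validation): a small audit of OAuth redirect URIs that flags raw-IP hosts, which the thread says the console rejects, and wildcard-DNS hostnames of the xip.io / nip.io / sslip.io kind, whose resolution is controlled by a third-party DNS service. The function names, finding labels and sample URIs are constructed for illustration, and only the dotted `a.b.c.d.<service>` form shown in the thread is parsed.

```python
import ipaddress
from urllib.parse import urlsplit

# Wildcard-DNS services named in the thread.
WILDCARD_DNS_SUFFIXES = (".xip.io", ".nip.io", ".sslip.io")
# RFC 1918 private ranges: not reachable by the "non local users" the asker needs.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def embedded_ip(host):
    """Return the IPv4 address encoded in a name like 10.0.0.1.nip.io, else None."""
    for suffix in WILDCARD_DNS_SUFFIXES:
        if host.endswith(suffix):
            labels = host[: -len(suffix)].split(".")
            try:
                return ipaddress.IPv4Address(".".join(labels[-4:]))
            except ValueError:
                return None
    return None


def audit_redirect_uri(uri):
    """Return a list of finding labels (labels are constructed for this example)."""
    host = (urlsplit(uri).hostname or "").lower()
    findings = []
    try:
        ip = ipaddress.ip_address(host)          # host is a bare IP literal
        findings.append("ip-literal-host")
    except ValueError:
        ip = embedded_ip(host)                   # host may encode an IP in its name
        if ip is not None:
            findings.append(f"wildcard-dns-host:{ip}")
    if ip is not None and any(ip in net for net in RFC1918):
        findings.append("private-target")
    return findings


if __name__ == "__main__":
    # Constructed sample URIs, using the host forms quoted in the thread.
    for uri in ("http://10.0.0.1.nip.io:8000/callback",
                "http://203.0.113.7/",
                "https://wigwam.ddns.net/oauth2callback"):
        print(uri, audit_redirect_uri(uri))
```

A `wildcard-dns-host` finding means whoever operates that DNS service decides where the authorization response is delivered, so such entries belong in a test client ID only and should be removed from the client's redirect URI list before release.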

Google + sign in

I'm implementing the login using a Google+ account in my website. For this I used the Google Plus API, and while signing in with Google+ I got "Error:404 origin miss match". But I provided the right origin, like my localhost URL. Please suggest to me.
Thanks in advance.
You likely haven't set up the origin in the API console for your client ID. Make sure on the API console (https://developers.google.com/console) that the Javascript origin matches what you're using (including port number!). Note that this is different from the redirect URL - you may have set one, but not the other.
As Satal suggests though, posting some code if you still have problems would help - but I would definitely check you are using the client ID setup with the origin you expect.

google weather api links need human authentication

I developed a weather app using google weather API but from today it stopped working.
When I tried to access the weather API using location through browser it asks for human authentication.
How can my app work when it is like this? Is there a way to bypass the authentication process?
It's very odd behavior...I wonder if it has something to do with headers that are passed along as when I try loading the API url in Chrome, Unsupported API...or if I do same URL in Firefox, works just fine.
It's also worth noting that I tried setting up an Apache Proxy to Google's weather service by placing the following two lines in a separate Web Server's apache config and referenced the API via www.domain.com/weather/api?weather=Chicago and it still works...so that's my workaround for now:
ProxyPassReverse /weather/ http://www.google.com/ig/
ProxyPass /weather/ http://www.google.com/ig/
Try to change domain, ex: http://www.google.ca/ig/api?weather=Sondrio . It works (for now :D).
Looks like it is out of use from now on
Even using .CA it returns Unsupported API randomly.
Pity
Yeah, interesting, Google seems to send back random "Unsupported API" responses if the request is missing the cookies that the browsers (tested with Chrome and Firefox) are including with requests to the unofficial weather URL.
I've fixed my application by copying the entire "Cookie:" header I found when I ran the request in Firefox with Firebug's "Net" tab enabled.
Not sure where on .google.com the browser got the cookies from yet, I presume from using a personalized service like gmail.
If you are looking for a weather API that works right now, I have a suggestion…
Try Metwit Weather API, it's new but sounds very cool…
This API is really simple to use because it uses standards that are available nowadays, like JSON and REST.
You can use this new API, which has the same XML structure as the Google Weather API:
http://en.previmeteo.com/professionals/google-weather-api.php