admin管理员组文章数量:1323714
I am using the google maps api on my website and would like to use my API key, but I'm confused about how to keep it safe. I know that I could just hardcode the actual key right into index.html
<!DOCTYPE html>
<html>
<head>
<script src=".exp&sensor=false&key=HARDCODED_KEY"></script>
But then it's right there for anyone to see when they view the source code for the site. I also don't want it to show up in the DOM if someone's viewing the site with a debugging tool, like Firebug.
I'm assuming that there is a way to store it in a separate file (probably outside my html/ directory) that I can source. If anyone could provide an example or ment on whether this approach would be relatively secure, I'd really appreciate the help. I've found other posts on this topic, but none that apply for this (relatively simple) case.
I am using the google maps api on my website and would like to use my API key, but I'm confused about how to keep it safe. I know that I could just hardcode the actual key right into index.html
<!DOCTYPE html>
<html>
<head>
<script src="https://maps.googleapis./maps/api/js?v=3.exp&sensor=false&key=HARDCODED_KEY"></script>
But then it's right there for anyone to see when they view the source code for the site. I also don't want it to show up in the DOM if someone's viewing the site with a debugging tool, like Firebug.
I'm assuming that there is a way to store it in a separate file (probably outside my html/ directory) that I can source. If anyone could provide an example or ment on whether this approach would be relatively secure, I'd really appreciate the help. I've found other posts on this topic, but none that apply for this (relatively simple) case.
Share Improve this question asked Sep 24, 2015 at 14:22 Megan MallardMegan Mallard 891 silver badge6 bronze badges 2- 3 The browser key is safe to display in you HTML (it has to be there and sent to the browser). You need to set the referrers for the key so it only works on sites you own. – geocodezip Commented Sep 24, 2015 at 14:29
- 1 @geocodezip Thanks for the clarification. I saw some documentation that warned against putting api keys directly in code, so I thought I needed a better solution. But it sounds like as long as I set it up through the google developers console so that only my site can use the key, then it's secure even if it's hardcoded. Cool :) – Megan Mallard Commented Sep 24, 2015 at 14:34
2 Answers
Reset to default 7Just set the referrers, as mentioned in the documentation:
To prevent other applications from using your key and consuming your quota, you can limit the IP addresses that can use your API key to send requests:
Visit the Google Developers Console and log in with your Google account.
Select the project that was created for you when you signed up. The project name will start with Google Maps API for Work.
In the sidebar on the left, select Credentials.
Find the key you're using under the Public API Access heading, and click Edit allowed IPs.
Enter the IP addresses from which your key is to be accepted, one per line. You may also enter a subnet using CIDR notation (e.g. 192.168.0.0/22).
Also you may e up with this question after you set the referral, I think you'll find it useful.
Store the API in a text file. Then, use jQuery $.get()
to retrieve it. Make sure the configure your .htaccess file to disallow direct TXT file access.
To load Google Maps API dynamically, use $.getScript()
in your code, right before you need the map.
Google also remends restricting API usage by referral and/or IP address.
本文标签: javascriptHow to google maps api keys safe on websiteStack Overflow
版权声明:本文标题:javascript - How to google maps api keys safe on website - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742127150a2421992.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论