Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • March 7, 2023 at 7:33 pm #1400390
    Advokatur_Online

    We got a warning from Google saying that the API key which we use for Google Maps is publicly accessible on our website.

    This is indeed the case: There are several JavaScript variables avia_framework_globals.* which contain this API key in the source code of the webpages which display a Google map.

    Is this a bug of the Enfold theme? Or is this just a false alarm?

    March 7, 2023 at 8:14 pm #1400399
    Rikard

    Hey Advokatur_Online,

    Which version of the theme are you running?

    Best regards,
    Rikard

    March 7, 2023 at 8:24 pm #1400402
    Advokatur_Online

    Hi Rikard,

    it’s v5.4.1. We had a much older version before, so I thought that upgrading to the most recent version might help, but this was not the case.

    Best regards,
    Martin

    March 10, 2023 at 3:50 pm #1400719
    Yigit

    Hi Martin,

    Could you please send a screenshot of the warning you are getting?

    We are going to forward this thread to our developers.

    Best regards,
    Yigit

    March 11, 2023 at 8:42 am #1400809
    Advokatur_Online

    Hi Yigit

    Since I don’t see an option to upload an image in this forum, I send you a link to a screenshot in the private section of this message.

    Please note that this link will expire after 1 month.

    Best regards,
    Martin

    March 11, 2023 at 7:39 pm #1400868
    Mike

    Hi,
    Thanks for the screenshot of your email from Google, please follow the recommendations in the email to add an API restriction to your API key so it can only be used on your site, this is best practice and is recommended by Google when setting up an API key.
    If your key had no restrictions then adding a restriction to your key will solve.
    If you already have a restriction on your key then you can ignore the email because the other site can not use the key.
    Please note that it may take a little while for any changes to take effect and you must have a linked billing account to the API key.

    Best regards,
    Mike

    March 12, 2023 at 9:52 am #1400901
    Advokatur_Online

    Hi Mike

    Thank you for this information.

    We have of course configured this restriction years ago. It’s strange that Google is sending out these warnings now without checking if an appropriate restriction exists. But it’s good to know that we are safe.

    Best regards,
    Martin

    March 12, 2023 at 11:59 am #1400908
    Mike

    Hi,
    Glad we were able to help, if you have any further questions please create a new thread and we will gladly try to help you. Thank you for using Enfold.

    Best regards,
    Mike

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • The topic ‘Warning: Publicly accessible Google API key’ is closed to new replies.