Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #1154504

    Hi, I have a concern with the theme’s Google Services API. For the site, we are using an API key with no referrer restrictions that has the Maps JavaScript API enabled and the Geocoding Service API enabled. I’ve checked the API key against the theme and the theme accepts it as a valid key. One issue that I found is that even though we have the Maps JavaScript API enabled, the map does not render properly on the locations page (I have that listed below). To get around that, we had to install another plugin, but I have that disabled right now. Another issue that I’m more concerned about is that the API key is exposed on the front-end via this code below. It seems like this is needed to render the map on the page, but I can’t test that since it doesn’t even render the map properly.

    
    <script id='avia_gmaps_framework_globals' type='text/javascript'>
     /* <![CDATA[ */  
    var avia_framework_globals = avia_framework_globals || {};
    	avia_framework_globals.gmap_api = 'API_KEY';
    	avia_framework_globals.gmap_version = '3.38';	
    	avia_framework_globals.gmap_maps_loaded = 'https://maps.googleapis.com/maps/api/js?v=3.38&key=API_KEY&callback=aviaOnGoogleMapsLoaded';
    	avia_framework_globals.gmap_builder_maps_loaded = 'https://maps.googleapis.com/maps/api/js?v=3.38&key=API_KEY&callback=av_builder_maps_loaded';
    	avia_framework_globals.gmap_backend_maps_loaded = 'https://maps.googleapis.com/maps/api/js?v=3.38&callback=av_backend_maps_loaded';
    	avia_framework_globals.gmap_source = 'https://maps.googleapis.com/maps/api/js?v=3.38&key=API_KEY';
    	avia_framework_globals.gmap_avia_api = 'https://SITE_NAME.wpengine.com/wp-content/themes/enfold/framework/js/conditional_load/avia_google_maps_api.js';
    /* ]]> */ 
    </script>
    

    I would be fine with exposing the API key if we could set a referrer restriction but it seems that the geocoding API doesn’t work when a referrer restriction is set. Can you help me with this? I have provided credentials below.

    #1155875

    Hey bythepixel,

    Thank you for the update.

    The API key should work with or without HTTP restrictions, but it is recommended to limit the key to a certain domain to prevent unauthorized usage. We checked the site and found these warnings related to the map in the console.

    Google Maps JavaScript API warning: NoApiKeys https://developers.google.com/maps/documentation/javascript/error-messages#no-api-keys util.js:231:27
    Google Maps JavaScript API warning: SensorNotRequired https://developers.google.com/maps/documentation/javascript/error-messages#sensor-not-required

    And we also checked the child theme and found a lot of modified files there. Did you happen to modify any scripts or files related to the map? Have you tried testing the map while the plugins are disabled?

    Best regards,
    Ismael
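
An added example, not part of either post or of the theme's code: a small Node.js audit of the inline `avia_framework_globals` block quoted in the first post, listing each Google Maps loader URL and whether it carries a `key` parameter (a loader URL without one is what the Maps JavaScript API reports as `NoApiKeys`). The function name `auditMapsGlobals` and the embedded sample HTML, built from the post's snippet with its `API_KEY` and `SITE_NAME` placeholders, are assumptions for illustration.

```javascript
// Constructed sample input: the inline globals block from the post, placeholders kept.
const SAMPLE_HTML = `
<script id='avia_gmaps_framework_globals' type='text/javascript'>
var avia_framework_globals = avia_framework_globals || {};
	avia_framework_globals.gmap_api = 'API_KEY';
	avia_framework_globals.gmap_version = '3.38';
	avia_framework_globals.gmap_maps_loaded = 'https://maps.googleapis.com/maps/api/js?v=3.38&key=API_KEY&callback=aviaOnGoogleMapsLoaded';
	avia_framework_globals.gmap_backend_maps_loaded = 'https://maps.googleapis.com/maps/api/js?v=3.38&callback=av_backend_maps_loaded';
	avia_framework_globals.gmap_source = 'https://maps.googleapis.com/maps/api/js?v=3.38&key=API_KEY';
	avia_framework_globals.gmap_avia_api = 'https://SITE_NAME.wpengine.com/wp-content/themes/enfold/framework/js/conditional_load/avia_google_maps_api.js';
</script>`;

// Hypothetical helper: report every Maps loader URL found in the globals block.
function auditMapsGlobals(html) {
  const findings = [];
  const assignment = /avia_framework_globals\.(\w+)\s*=\s*'([^']*)'/g;
  for (const [, name, value] of html.matchAll(assignment)) {
    let url;
    try {
      url = new URL(value);
    } catch {
      continue; // plain values such as gmap_api or gmap_version are not URLs
    }
    if (url.hostname !== 'maps.googleapis.com') continue; // skip the theme's own script
    const key = url.searchParams.get('key');
    findings.push({
      name,
      hasKey: Boolean(key),
      // Keep only a short prefix so the report itself does not republish the key.
      keyHint: key ? key.slice(0, 4) + '...' : null,
      issue: key
        ? 'key is served to every visitor: restrict it by HTTP referrer'
        : 'no key parameter: the Maps JavaScript API logs NoApiKeys',
    });
  }
  return findings;
}

console.log(auditMapsGlobals(SAMPLE_HTML));
```

Run it against the saved page source of the front end; each entry with `hasKey: true` is a place where the key restriction recommended in the reply matters.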
