Publicly accessible Google API key for Google Cloud Platform project

  • Resolved jerryrcole

    (@jerryrcole)


    2 years ago

    I received the following security alert from Google Cloud Platform:

    We believe that you or your organization may have inadvertently published the affected API key in public sources or on public websites (for example, credentials mistakenly uploaded to a service such as GitHub.)

    It appears that the plugin is making the Google Maps API key publicly visible on the following line inside the <head> of all pages. Is this something I should be concerned about? 

    <script type='text/javascript' src='https://maps.googleapis.com/maps/api/js?sensor=false&amp;ver=6.1.1&amp;key={ApiKey}&amp;callback=rgmkInitGoogleMaps' id='script-google-maps-js'></script>
Viewing 1 replies (of 1 total)
  • Plugin Support alexrollin

    (@alexrollin)

    Hello,

    when you set up the key you should restrict that key to you own site. The key is published but no one else will be able to use it if you have restricted it to you domain from within the Google Maps API console.

Viewing 1 replies (of 1 total)
  • The topic ‘Publicly accessible Google API key for Google Cloud Platform project’ is closed to new replies.