We are using Google Translate API using SDK in our app build using ReactNative. The Google API Key does not work when we make it restricted, however without restrictions it is working fine. Due to security reasons we have to make it restricted. Any help shall be appreciated.
Related
I see this question has already been asked but not all that recently so I am bringing it up again.
How do you hide your firebaseConfig file, or any secret key, in an expo application? (For production, not dev).
As far as I can tell, there is no way to properly hide the firebase config file with API keys etc in a react-native expo app.
Being that I have already built my entire app around interacting with firestore, I am a bit perplexed as to how to proceed forward.
If I eject, is there a way to properly hide my API key in a non-expo react-native-app? Or will I still face the same problem? Everything is working smoothly and I would prefer not to eject.
I have some experience using node.js/express.js as a backend (only ever in a development setting). Should I build myself a server and then serve the config info from there?
If I want to deploy a 'demo' app, is there a way to hide the keys while still using expo?
Any insight into this would be so helpful.
As far as I am aware there is no 'dotenv' package compatible with expo.
Also I have zero experience in deploying mobile apps, and very little in deploying web apps. I have not yet had to deal with securing keys in deployment.
Any help would be so appreciated.
It's not possible to effectively hide your Firebase config information. The best you can do is make it more difficult for someone to find them. Since all the JavaScript code is running on a computer or device that you don't control, you can't ensure that any of it is hidden from view.
In fact, you don't need to hide any of that. I suggest reading this: Is it safe to expose Firebase apiKey to the public?
If you're using Realtime Database, Firestore, or Cloud Storage, you should be using security rules to protect data so that only authorized users can access it.
I'm developing a cross platform app: Web, PWA, iOS (Cordova) & Android (Cordova).
I use the same code base, and Firestore & Auth are working well on all the platforms using only the Web SDK.
However, when I add the Firebase Analytic plugin, it works as expected on the Web / PWA, but the iOS / Android apps do not seem to send back anything.
Is there a way to make Analytic works using only the Web SDK? Or is it mandatory to use a Cordova Plugin?
Thank you in advance for your help.
Note: I'm using Framework7 & VueJS
Edit 1
It seems that cordova is officially supported for analytic with the web SDK.
So the question becomes: do you have any idea why the implementation is working for "normal" app and break when on cordova?
https://firebase.google.com/support/guides/environments_js-sdk#other_environments
Edit 2
Now that I know that it should work, I'm trying harder to find solutions.
First, I observed in the Safari Console that on y web app, I can observe calls to https://www.google-analytics.com/g/collect every time I'm logging an event.
I do not observe those calls on the Cordova app, which is most probably the reason why I do not receive anything in my Firebase Analytics.
The question becomes: why are those call not made in cordova, considering the js the same?
Edit 3
Ok, I think I found the explanation:
Google Analytics from a file:// url
The question becomes: since Analytic is loaded automatically with firebase, how can I make this configuration?
Ideally, I would like a way to set the client id using a hash of my user uuid (as I said in my post, I'm using Firebase Auth).
How can I dynamically change the value each time a user connect to the app? Can Firebase directly take care of this?
I am working on a web app that includes a map using the Google Maps Javascript API. It works on our development server, but whenever trying to access it on stage or production using our company domain, I get an RefererDeniedMapError.
The docs at https://developers.google.com/maps/documentation/javascript/error-messages#referer-denied-map-error clearly state that this error means Google has blocked our domain for violating ToS. An appeal was submitted but Google claims the domain is not blocked and to see further help here. I've already turned off all API restrictions and removed all referrer restrictions as well, but are still getting the same problems.
I can access the app by going directly to the web app server, but anytime I go through our company's domain name, the error returns, which leads me to believe that we are in fact blocked.
Has anyone experienced an issue like this or know of a workaround for this? I've looked through the related posts on the topic but have not found anything useful info to help resolve the problem.
Edit:
The website is using sensors to track packages in the mail for our customers and alerts them if the sensor gets too much light, is dropped, etc. There are no restriction methods at all. I've added a couple screenshots showing the maps working on development but not during testing.
Map working in development
Map not working on test server
At first look, it just seems to be a normal restriction error, however, since you've said that there are currently no restrictions applied in your API key and is working properly in server-side but not in production, this seems to be an issue with your API key, can you try to generate a new API key and use it in your website? If the issue still persist, then this will require a technical support from Google Maps Platform as this may be an issue in the GCP Console. You may file a support case via https://console.cloud.google.com/google/maps-apis/support in order to open personalized communication channel.
I'd like to get access to the API Testing console (the one mentioned in the Quick start of the Cognitive services translation services, useful to test the API without writing a single line of code), but I don't find any direct access to on the Microsoft Azure. Thanks in advance for your help.
I think the text you mention about the console is a copy-paste error from other cognitive services quick start page.
Generally with Cognitive Services, you can find webpages which seems to be hosted under Azure API Management, where you got the basic documentation and access to a testing Console. For example for West Europe, all the services are here: https://westeurope.dev.cognitive.microsoft.com/docs/services/
And for Anomaly Detector API, you can see the link to the testing console:
Sadly, it seems that there is not equivalent for Translator API.
You still have samples on Github that you can use, in several dev languages: https://github.com/MicrosoftTranslator
Or you can directly call the API with a tool like Postman, it is really easy to implement
I have several simple Javascript Google maps on two websites. What is project here - each map or everything ? Or maybe maps on one website are one project ? But they have nothing to do with each other. How many projects should be created and how many credentials ? So far I created one project and so many credentials as maps in it. But these maps are separated, almost all different, only few of them generated by one common php, but even in this case half of them are completely different in the internet.
I don't understand this at all.
Thank you.
Usually you should use one API Project for each "property" which is displaying maps. If you have one website where you tracking popular fishing spots and another website where you provide a directions to a local restaurant those should probably be two different API projects.
Each individual map shouldn't have it's own project.
Thanks. This is going to be a supplementary question. Yesterday I created already second project for maps located on second website (despite they have nothing to do with each other except location on the same domain), created new API keys for those maps and deleted their API keys in the first project, because they are in the second project now.
And maps can't be displayed any more. Google Maps is gray and displays information:
Oops! Something went wrong. This page didn't load Google Maps
correctly. See the JavaScript console for technical details.
The Javascript console says:
"Google Maps API error: DeletedApiProjectMapError
https://developers.google.com/maps/documentation/javascript/error-messages#deleted-api-project-map-error"
js:32:350
The same maps work fine without API key, but don't work with the new API key !
Here is an example:
http://darz-bor.info/mapy/puszcza/
I will keep this file with not working API key 1-2 days to allow you to see it and after that will remove API key.
How to make the new API keys working ?
go to Maps JavaScript API and Active this part.