I am working on a web app that includes a map using the Google Maps Javascript API. It works on our development server, but whenever trying to access it on stage or production using our company domain, I get an RefererDeniedMapError.
The docs at https://developers.google.com/maps/documentation/javascript/error-messages#referer-denied-map-error clearly state that this error means Google has blocked our domain for violating ToS. An appeal was submitted but Google claims the domain is not blocked and to see further help here. I've already turned off all API restrictions and removed all referrer restrictions as well, but are still getting the same problems.
I can access the app by going directly to the web app server, but anytime I go through our company's domain name, the error returns, which leads me to believe that we are in fact blocked.
Has anyone experienced an issue like this or know of a workaround for this? I've looked through the related posts on the topic but have not found anything useful info to help resolve the problem.
Edit:
The website is using sensors to track packages in the mail for our customers and alerts them if the sensor gets too much light, is dropped, etc. There are no restriction methods at all. I've added a couple screenshots showing the maps working on development but not during testing.
Map working in development
Map not working on test server
At first look, it just seems to be a normal restriction error, however, since you've said that there are currently no restrictions applied in your API key and is working properly in server-side but not in production, this seems to be an issue with your API key, can you try to generate a new API key and use it in your website? If the issue still persist, then this will require a technical support from Google Maps Platform as this may be an issue in the GCP Console. You may file a support case via https://console.cloud.google.com/google/maps-apis/support in order to open personalized communication channel.
Related
We are using Google Translate API using SDK in our app build using ReactNative. The Google API Key does not work when we make it restricted, however without restrictions it is working fine. Due to security reasons we have to make it restricted. Any help shall be appreciated.
I launched a game to the Google Play store recently and it was going good until now. I just received an email from Google that says that "One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk " and tells me I need to fix it by August 13.
I personally don't collect or demand any user data or info. However, I used Google Admob ads with Facebook mediation and Unity ads in my game which may be the cause of this problem. So, my question is how to overcome this problem? They also said in the email to make changes in the manifest file. If any one has a similar problem and knows the solution for it, your help would be appreciated.
Here is the email:
"One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk. On August 13, 2019, any apps that contain unfixed security vulnerabilities beyond the dates listed on your Play Console alerts will be removed from Google Play.
Action required
Sign in to your Play Console.
Select Alerts to see which apps contain a security vulnerability, and review the guidance on how to resolve the vulnerability.
Update your affected apps to fix the vulnerabilities.
Submit the updated versions of your affected apps.
Upon resubmission, your app will be reviewed again. This process can take several hours. If the app passes review and is published successfully then no further action is required. If the app fails review then the new app version will not be published and you will receive notification via email."
I was having the same issue "intent redirection your app(s) are vulnerable to intent redirection" and I added exported="false" in every activity, but still got rejected, then I realized the problem was in one of the payment libraries I was using, all I had to do is update the library and the new app update got live.
my issue was in RazorPay payment gateway, I updated it from 1.6.3 to 1.6.6 (latest)
implementation 'com.razorpay:checkout:1.6.6'
they already mentioned this issue here, check it out https://github.com/razorpay/razorpay-android-sample-app/issues/202
I have a same issue, actually Latest Unity Add Xiaomi SDK by default which cause this issue.
Simple remove Xiaomi from your Unity it will fix the issue.
We had received a similar email, In the Play Console/Alert tab, we found this
for us, the reason is "com.androidnative.features.social.common.SocialProxyActivity.StartActivity"
which come from Android Native asset[Ultimate Mobile] - Unity3D.
We used that asset for Advertisements, In-app purchase and play game services instead of using the original SDK. So the possible solution is to remove that asset from our game and use the original SDK.
Here is the Screenshot of my alert.
There are several points to keep in mind to resolve that issue:
The most confusing: you must rollout affected application fixed APK/AAB to 100% on all tracks where it had place to be. Important note is that among others you must rollout production track release to 100% in order to Google to reconstruct your issue.
In the new version of Play Console there is no way to find out any specific information about the issue so you should email Google Support to ask for details. As a respone you may possibly get obfuscated method or class signature, so you need to deobfuscate it.
Read carefully through official document to address issues and resolve them. Our application got rejected because SMS BroadcastReceiver did not apply any permission restraints.
Ihsan Ali
The problem is in the UnityChannel.aar file, you need to open it with the help of the archiver and open the AndroidManifest.XML. I in the line android:exported="true" wrote a false as indicated in the article in Google. Now publish the version and if the error will no longer be reported.
I had the same issue. Just remove xiaomi app game centre from your unity>>game build option. Disabling it will surely clear out the issue.
>>>> BACKGROUND ON THE ISSUE <<<<
We were using Google Apps for Business when we started with the project. This allowed us to use the Google Developer Console (https://console.developers.google.com/) with our #company.co.za accounts and also to “login with Google” using our #company.co.za accounts. It turns out that the Google Developer Project (where the API keys are) was created using an ex-colleague's #company.co.za Google account.
When we moved from Google Apps for Business to Office 365, we lost the ability to login to the Google Developer Console with our #copany.co.za accounts. By then the colleague wasn’t working here anymore and I guess it all happened so quickly that we didn’t make sure to tie up all the loose ends.
Now we need to transfer development of the app and subsequently all related 3rd party projects and things, to the client for future development, but I cannot access the Google project.
This will require them to create a project on their side, generate new API keys for using the Google Maps API etc. And then update the apps (Android and iOS) with the new API keys.
>>>>> THIS IS MY QUESTION <<<<<
However, and this is where my question comes in, the apps are still working and happily accessing Google Maps. This makes me think that the project must still be somewhere.
I tried to access the Google Help pages, but because we're on a Bronze package, we can only find support information in their developer communities and online documentation listed here:
Join a Community
Service Disruption Notification
Best Practice Guides
But I thought to ask here too because SO is very reliable with answers :)
So, any idea if the project is still live somewhere? Or should we just create a new project with new API keys?
I don't think this is a stackoverflow question since it's not directly programming related. However, if you want to regain access to you project, this should be fairly simple and i hope this helps:
Create a new Google Apps for Business account with your domain (or maybe your old apps domain still exists?) and a single account. If you choose monthly payment the costs will be only a few bucks.
As the Google Apps domain administrator you should be able to access all appengine projects that belong to users of the same domain. If it doesn't you can contact Google support to reassign the projects. Alternatively: You may be able to recreate an account that owned the app. If you don't know the owner email, it is shown in the consent screent for oauth. With that email, try to access the project.
Create a Gmail account and transfer project ownership to this Gmail account
Delete the Google apps domain to avoid additional costs
All this is doable within an hour.
In case it doesn't work i would suggest you contact your Google sales representative or reseller and tell him, that you would like to purchase silver level support, but only if he can restore the permissions for you. This will cost you more, but if you have to access the project it may be the only way.
Last but not least:
You can contact Google support. You don't need silver level support for that. It will just take a lot longer to process your request. While in contact with the Google support you will have to prove that you are in fact the owner of the domain, which is usually done by adding a TXT record to your domain or uploading a file to your web server, so make sure you have access to your domain's DNS zone files / settings or web server document root.
I was just wondering if someone could shed some light on why I am seeing 403 Forbidden errors for my google maps services.
I had been loading the maps api as such:
<script type="text/javascript" src="//maps.googleapis.com/maps/api/js?libraries=places&sensor=false"></script>
And then using both the geocoding and autocomplete libraries to turn user searches into co-ordinates to display on a map on my search results.
This was working perfectly (for months) until yesterday, when I started seeing 403 Errors whenever the Autocomplete service was accessed.
I am 100% confident I wasn't reaching the 25k per day limit on queries, and I made no code changes on my side.
I have now added in an API key to my script load, and the problem dissapeared, but I want to be sure this doesn't happen again. Location based search is a main feature on our site, and if it breaks, we lose customers.
Does anyone have any insight as to why this may have happened?
And under what circumstances can it happen again?
This problem just re-emerged even with an API key set - and I think the issue actually lies with caching the google maps javascript.
I have my web server dynamically decide what javascript to combine, minify and cache locally. This is done using RequestReduce.
When the client-side javascript becomes stale (roughly 3 days in my case) - google returns 403 unauthorized.
The API key was just a red herring. I can remove the key and my code still works - as long as the maps js is "fresh".
In my case, the fix was to add maps.googleapis.com to the RequestReduce ignore list:
javascriptUrlsToIgnore="maps.googleapis.com"
For others, just make sure to not cache the maps.googleapis.com javascript for more than a few hours, if at all.
The Google Maps JavaScript API recently advanced a minor version increment to 3.9changelog and the default version advanced from 3.6 to 3.7. I notice that you aren't specifying a version in the URL you use to load the Google Maps JavaScript API library, so you retrieve the default version, 3.7. One important thing about version 3.7 is that it now requires the use of keys for some libraries. Info about which version you should use is available in the Versioning section of the Developer's Guide.
A few others have run into similar problems, but if you are running fine after adding the key, you should be good. If you would like to receive notifications about Google Maps API changes in the future, you may register for notifications.
Do you know if it's possible to build an application for the LinkedIn platform?
Yes, they have API at http://developer.linkedin.com/index.jspa, allowing access to the profile, connections, messaging and more.
While LinkedIn has promised a public API for a very long time now, they have yet to deliver.
No, there is no public LinkedIn API yet.
IMO, their widgets (which there are only two of at the moment, which are very limited) don't count.
They say that they are open to being contacted with specific uses for their API and they may give access to parts as needed - but that is if they accept your ideas for integration. They have been very picky with this - and have not accepted my attempts to integrate with LinkedIn yet, they tell me I have to wait with everyone else, apparently my applications are not "high-profile" enough.
Sure, you'll find many Google results talking about their "promised" API, but they are empty promises and won't be of much help.
Yes, Linkedin has an API:
http://www.programmableweb.com/api/linkedin
http://blog.linkedin.com/blog/2007/12/the-intelligent.html
So you could build an application that uses it.
Update: (from second link)
We’ll be phasing all of this in over the coming months and to get involved with the Intelligent Application Platform either for APIs, widgets, or hosted applications, send us an e-mail to developers#linkedin.com telling us what you want to build and what you need to build it.
Since there are published Mashups using LinkedIn I would assume that means you can use the API even if the documentation isn't readily available.
As a tip, in the future include links to what you found that didn't work, so we know not to give it to you again.
I poked around a bit more and I found some more on their widgets which appears to be the main focus of their API.