api key showing in page source

New home Forums Basic Version api key showing in page source

  • This topic has 3 replies, 2 voices, and was last updated 2 months ago by Dylan.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #61502
    virtualwayva
    Participant

    In the process of creating an API key, I noted the section that Google has on “Protecting API keys”. I could be off in my interpretation, but I was with the impression that the API key was not something we would want the general public to have access to. However, I noticed it is showing in full, in the midst of a lengthy chunk of code and informational writeup within the page source (13,000+ characters in length), following
    /* <![CDATA[ */
    var WPGMZA_localized_data =

    Is this as it should be?

    #61519
    Dylan
    Moderator

    Hi there,

    Thank you for your time, we do appreciate it.

    Yes, exposing the API key is required as it must be passed to the Google Maps API with the initial map load. This is handled by the API directly, however, it is protected by your API restrictions.

    We do have a document regarding this here: https://www.wpgmaps.com/documentation/ensuring-your-referrers-are-properly-inserted/

    Protecting your API key in this way ensures that the key cannot be used on any other domains, outside of the approved domains for the key.

    I hope this helps to clarify the process a bit?

    #61521
    virtualwayva
    Participant

    Dylan, thanks for your reply. I’m still confused as to why so much of the text (which is not showing on the front of the website) is appearing in the page source. For instance, here is just a small part of what shows:

    “I agree for my personal data to be processed by <span name=\”wpgmza_gdpr_company_name\”><\/span>, for the purpose(s) of <span name=\”wpgmza_gdpr_retention_purpose\”><\/span>.\r\n<\/p>\r\n\r\n<p>\t\r\n\tI agree for my personal data, provided via map API calls, to be processed by the API provider, for the purposes of geocoding (converting addresses to coordinates), reverse geocoding and\tgenerating directions.\r\n<\/p>\r\n<p>\r\n\tSome visual components of WP Google Maps use 3rd party libraries which are loaded over the network. At present the libraries are Google Maps, Open Street Map, jQuery DataTables and FontAwesome. When loading resources over a network, the 3rd party server will receive your IP address and User Agent string amongst other details. Please refer to the Privacy Policy of the respective libraries for details on how they use data and the process to exercise your rights under the GDPR regulations.\r\n<\/p>\r\n<p>\r\n\tWP Google Maps uses jQuery DataTables to display sortable, searchable tables, such as that seen in the Advanced Marker Listing and on the Map Edit Page. jQuery DataTables in certain circumstances uses a cookie to save and later recall the \”state\” of a given table – that is, the search term, sort column and order and current page. This data is held in local storage and retained until this is cleared manually. No libraries used by WP Google Maps transmit this information.”

    #61531
    Dylan
    Moderator

    Hi there,

    Only a pleasure, happy to help wherever possible! 🙂

    The additional information/data which is present in the page source is all localized information from the plugin. This data is used in our JavaScript modules to allow your settings to be pushed to the frontend of the website.

    Meaning if you alter an option in the setting area of WP Google Maps, these changes are pushed to the frontend of the website, within these hidden source tags.

    Our JavaScript modules then reference these settings when building your map, and when a visitor interacts with the map on the frontend.

    I hope this helps?

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.