hibiken / react-places-autocomplete

React component for Google Maps Places Autocomplete
https://hibiken.github.io/react-places-autocomplete/
MIT License
1.38k stars 388 forks

Best Practice for API Key #390

Closed edencorbin closed 1 year ago

edencorbin commented 2 years ago

Do you want to request a feature or report a bug? feature

What is the current behavior? api key goes in script tag

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem. not a bug

What is the expected behavior? works fine

Which versions of ReactPlacesAutocomplete, and which browser / OS are affected by this issue? latest version

I'm wondering what a good practice is for using an api_key. I'm guessing it's not okay to just include it in the script tag of the website, as it could be taken easily. I could make the requests from my server instead, but it seems that this library requires the Google API key directly via the script. I must not be understanding the standard approach here?

pedrogius commented 1 year ago

I haven't used this extensively, but my guess is you set up website restrictions on Google Cloud Console, so that only requests from your website are accepted.

Oteiza-a commented 1 year ago

Same concern here. I saved the API key as an env var, but from the client you can still easily get it. Any ideas?

Trent1900 commented 1 year ago

I have the same concern here, and I insert the script following corysimmons's suggestion from link with a dotenv file. There are still concerns about security and best practice. Any suggestions?

Paul-Taiwo commented 1 year ago

Google recommends that you restrict your API keys.

https://developers.google.com/maps/documentation/javascript/get-api-key

https://developers.google.com/maps/api-security-best-practices?authuser=1#restrict_apikey
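
Added example, not part of the thread and not code from react-places-autocomplete: a Node.js check for the key restrictions recommended above, run against a key description in the shape of the API Keys API v2 Key resource (what `gcloud services api-keys describe --format=json` prints). The function name, the sample keys, the example.com referrer and the two service names are assumptions made for illustration.

```javascript
// Flags a browser key that lacks the website and API restrictions discussed
// in this thread. Field names assume the API Keys API v2 Key resource.
function auditBrowserKey(key) {
  const findings = [];
  const r = key.restrictions || {};
  const referrers = (r.browserKeyRestrictions || {}).allowedReferrers || [];
  const targets = r.apiTargets || [];

  if (referrers.length === 0) {
    findings.push('no website (HTTP referrer) restriction: any site can use the key');
  }
  for (const ref of referrers) {
    // A pattern whose host part is only wildcards restricts nothing.
    const host = ref.replace(/^[a-z*]+:\/\//i, '').split('/')[0];
    if (/^[*.]+$/.test(host)) {
      findings.push(`referrer pattern "${ref}" matches every host`);
    }
  }
  if (targets.length === 0) {
    findings.push('no API restriction: key works for every API enabled in the project');
  }
  return findings;
}

// Constructed sample inputs (not real keys or projects).
const unrestricted = { displayName: 'maps-browser-key' };
const wildcard = {
  displayName: 'maps-browser-key',
  restrictions: {
    browserKeyRestrictions: { allowedReferrers: ['*'] },
    apiTargets: [{ service: 'maps-backend.googleapis.com' }],
  },
};
const restricted = {
  displayName: 'maps-browser-key',
  restrictions: {
    browserKeyRestrictions: { allowedReferrers: ['https://www.example.com/*'] },
    // Assumed service names for the Maps JavaScript API and the Places API.
    apiTargets: [
      { service: 'maps-backend.googleapis.com' },
      { service: 'places-backend.googleapis.com' },
    ],
  },
};

for (const [label, key] of Object.entries({ unrestricted, wildcard, restricted })) {
  const findings = auditBrowserKey(key);
  console.log(label, findings.length ? findings : 'ok');
}
```

The key stays visible in the page source either way; the restrictions limit which sites and which APIs will accept it.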