search

shukerullah / react-geocode

A React module to transform a description of a location (i.e. street address, town name, etc.) into geographic coordinates (i.e. latitude and longitude) and vice versa.
MIT License
207 stars 33 forks source link

Google maps API key is exposed #49

Open kanandam opened 7 months ago

kanandam commented 7 months ago

Hi there, I'm using this library for geocoding purpose in my react code, and the API key is exposed in the request under query params, is there a way to encrypt or hide it in the request?

image

TIA...

ziyaddin commented 7 months ago

Hi, it's impossible and it has been a known issue for a long time. Community recommends to create and use a separate API key for each type of operations (e.g. one for geocoding, one for map rendering, etc.) to at least decrease the negative impact of only one key being abused with all types of operations by a malicious user.

kanandam commented 7 months ago

Hey @ziyaddin , I've been using this other library for google maps component, it uses some methods to create a security layer for the request api, just letting you know if it can help. https://github.com/JustFly1984/react-google-maps-api/tree/master/packages/react-google-maps-api

cheers...

Aupire commented 6 months ago

Hi there, I'm using this library for geocoding purpose in my react code, and the API key is exposed in the request under query params, is there a way to encrypt or hide it in the request?

image

TIA...

Hi, It's not a problem to expose your api, you simply just restrict your apis from ip address or url website ... https://cloud.google.com/api-keys/docs/add-restrictions-api-keys

kanandam commented 6 months ago

@Aupire yes, I'm aware of restricting the API, but we don't have the access to the GCP to restrict, it's with client.