GitHub user GitToTheHub added a comment to the discussion: Google Autocomplete Referrer
I read a little bit through the Google documentation [Google Maps Platform security guidance](https://developers.google.com/maps/api-security-best-practices#secure-client-side-ws-calls) and see, they really recommend the native SDKs to make calls, but, they also have solutions for `client-side web service calls` which can be made from an iOS/Android app. The solution can be: 1. [Use a proxy server](https://developers.google.com/maps/api-security-best-practices#proxy-server) 2. [Use HTTP Headers](https://developers.google.com/maps/api-security-best-practices#secure_direct_mobile_web_service_calls) by using `X-Android-Package` and `X-Android-Cert` for Android and `X-Ios-Bundle-Identifier` for iOS. Another side note here: **Apache Cordova** is related [there](https://developers.google.com/maps/api-security-best-practices#host-your-browser-based-apps-on-a-server): > Frameworks, such as Apache Cordova, allow you to conveniently create > multi-platform hybrid apps running inside a webview. However, API key website > restrictions are not guaranteed to work correctly, unless your web app is > loaded using HTTP or HTTPS from a website that you control and have > authorized. > > Bundled resources, loaded locally from within a hybrid application, or > accessed using a local file URL will in many cases prevent referrer based > authorization from working as the browser engine powering your webview will > omit sending the Referer header. To avoid this, host your web applications > server-side, not client-side. > > Alternatively, for mobile applications, consider using available native > Google Maps Platform Android and iOS SDKs, instead of using a web based SDK. But the documentation is old as it still mentions access using a `local file URL` which today is not the case anymore. So their solution is to have a server which make the api calls. But I think too, the recommended way is to use the native SDKs. Maybe we can ask the AI to create one :D GitHub link: https://github.com/apache/cordova/discussions/560#discussioncomment-13869042 ---- This is an automatically sent email for issues@cordova.apache.org. To unsubscribe, please send an email to: issues-unsubscr...@cordova.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
