Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #43385
    Amanda
    Participant

    Hi there, I did what you had mentioned in fourm discussion here: https://wp.storelocatorplus.com/forums/topic/error-in-adding-locations/#post-42998

     

    I’m still getting the following geocode error when trying to edit a location.

    https://wp.storelocatorplus.com/forums/topic/error-in-adding-locations/#post-42998

    #43386
    Amanda
    Participant

    So I copied the wrong thing.  I’m getting this error:
    <p style=”font-size: 13px; line-height: 1.5; margin: 0px; padding: 2px; color: #444444; font-family: -apple-system, BlinkMacSystemFont, ‘Segoe UI’, Roboto, Oxygen-Sans, Ubuntu, Cantarell, ‘Helvetica Neue’, sans-serif;”><span style=”font-weight: 600;”>Store Locator Plus needs attention:</span></p>

    <ul style=”padding: 0px 2px; list-style: none; margin: 0px; color: #444444; font-family: -apple-system, BlinkMacSystemFont, ‘Segoe UI’, Roboto, Oxygen-Sans, Ubuntu, Cantarell, ‘Helvetica Neue’, sans-serif; font-size: 11.7px;”>
    <li style=”margin-bottom: 0.25em;”><span style=”font-weight: 600;”>Read this if you are having geocoding issues.</span>
    Address #1938 : , , Alaska, California <span style=”color: red;”>failed to geocode</span>.
    Received status REQUEST_DENIED.
    Received data

    stdClass Object
    (
        [error_message] => Browser API keys cannot have referer restrictions when used with this API.
        [results] => Array
            (
            )
    
        [status] => REQUEST_DENIED
    )
    

    .

    I still do not see the options that the documentation says for the server key.  I only see a browser key option that I already have setup.  If you need access to take a look please let me know.

    Thank you!

     

    #43389
    Shad
    Participant

    Looks like you may need to set your Google API Key Restriction to None.
    Key restriction lets you specify which web sites, IP addresses, or apps can use this key. Learn more

    • None
    • HTTP referrers (web sites)
    • IP addresses (web servers, cron jobs, etc.)
    • Android apps
    • iOS apps

    Hope this helps.

    #44281
    Eric
    Participant

    I have the same issue. By setting the key restrictions to none, other people can just use our clients key. It is not secure. Isn’t there another way to give Store Locator Plus’s server and the website itself access to the API key?

    If that isn’t possible, the plugin is pretty lame.

    #44295
    Cici
    Keymaster

    Eric,

    Ask Google why they make the two API keys and the inability ti use referrer restrictions….this is an issue for the Google Developer console, and plenty of people have complained to Google about it.

     

    #44296
    Eric
    Participant

    Hi Cici,

     

    And so I asked. Now we wait…

     

    Hi,

     

    I am using Maps for a website I created: mydomain.nl. To use Google Maps, I had to set “none” at the restrictions section in the developer console. According to the Wp plugin makers Store locator plus this is the only way of using the key with there plugin. I have concerns about this as this use of the key isn’t save. Anyone can misuse my key atm.

    I tried to set a domain or ip to restrict the key. This gives me a notification that Maps hasn’t been set up properly.

    Can you fix this?

    Link to my question on the site of the plugin makers: https://wp.storelocatorplus.com/forums/topic/geocode-error/#post-44295

    Thanks in advance.

    Best regards,

    Eric

    #44297
    Lance Cleveland
    Keymaster

    The reason you cannot restrict the browser key on Google is that you have NO CLUE where your users are going to be coming from and what their IP address is.

    The main map on the website is using JavaScript to get the user’s location they type in (or from GPS if you have Power and Location Sensor on).     JavaScript runs in the browser = on the user’s device = from any IP address/location/browser type there is.     The script sends the address directly to Google which then returns the latitude/longitude.  That communication requires you have a Google Browser Key and no restrictions.   The fact that it is in cleartext and not pre-encrypted is a design/architecture decision by Google.   In theory, why should they care?  They get paid for usage of a registered key so someone snarfing that is not a huge priority for them.

    Could we use a more secure server based key to do this work?   Sure.    It is a lot more overhead and a lot more things to break. It adds several layers of complexity and data I/O requests for the same process.  That also means a performance hit which can be notable for your site visitors.    User enters address – send network request from browser to your server – your server re-packages that request and sends request to Google – wait for Google response back to your server – your server packages this and sends it back to the user’s browser.   This all must happen before a browser timeout, typically 60 seconds or less.    If ANYTHING has to be retried, a connection is down, etc. the requests will fail to return any results and the locator will appear to be broken.    The current architecture of SLP is user enters address – send request to Google – Google replies back to browser.

    Given the large number of sites we hear about that cannot properly geocode 2,000 locations in under 5 minutes on their servers it is obvious that many people are running their WordPress sites on underpowered servers.   That significantly increases the risk of putting your server in the middle of the front-end geocoding process and causing a WORSE user experience.

    In my opinion the real problem is Google’s blatant lack of security and using even basic encrypted keys on front-end browser based requests.   There are a number of methodologies they could use to deal with this including salts and time-based requests to encrypt the keys.  That is an issue for Google to sort out.

    In the meantime we’re considering adding the OPTION for a server-based versus browser-based Google Maps Key in the Premier Plugin for those customers that understand the risks of impact on the user experience and are certain they have a fast enough server to mitigate those risks.    The base product, however, will not change as we feel it provides the simplest solution and best overall experience for the majority of the 15,000+ sites running our plugins.

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.