我应该采取哪些措施来保护我的Google Maps API密钥? [英] What steps should I take to protect my Google Maps API Key?
问题描述
当我获得我的密钥时提供的示例显示了请求参数中嵌入的密钥,例如:
我已经获得了Google Maps API密钥。 / p>
< script src =http://maps.google.com/maps?file=api&v=2& ; amp; sensor = true_or_false& amp; key = my-keytype =text / javascript>< / script>
我明白请求中的referrer字段必须与我的域匹配,可以安全地使我的密钥可见在脚本标签和类似的?或者还有其他步骤我应该采取?
考虑到密钥必须包含在 然而,这并不重要:如果有人试图在另一个域名上使用此密钥,他们将得到一个Javascript警报 - 这对于其他用户来说并不好。 所以: I have obtained a Google Maps API key for my domain. The examples provided when I obtained my key show the key embedded in request parameters, for example: I appreciate that the referrer field in requests must match my domain, is it safe to make my key visible in script tags and the like? Or are there any other steps I should take? Considering that key has to be included in the Still, it doesn't really matter : if anyone tries to use this key on another domain than yours, they will get a Javascript alert -- which is not nice for ther users. So : 这篇关于我应该采取哪些措施来保护我的Google Maps API密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! < script>< / code> HTML页面的标签,从谷歌的服务器加载JS文件/数据,没有什么可以做的:
<script src="http://maps.google.com/maps?file=api&v=2&sensor=true_or_false&key=my-key" type="text/javascript"></script>
<script>
tags of your HTML pages, to load the JS files/data from google's servers, there is nothing you can do :