How do I fix the Unsafe Google Maps API Token issue flagged by Flusk?
Updated today

First, it's important to know that your Google Maps API Key is public, which means that anyone can access it. This issue is raised when these 2 conditions are both met:

  • We found a Google Maps API Key in your app

  • Requests we send with that key from our server are accepted

If these 2 conditions are met, it means that you did not restrict your Google Maps API Key so that it can only be used from your app URL. In other words, anyone could grab your API Key and use it normally, and you are the one who would be billed.

Solution

To fix this issue, restrict your API Key so that the Google Maps API can only be called with it from your app domain.

To do this, follow these steps:

  1. Log in to your Google Cloud Console and navigate to "APIs and Services", and then to "Credentials". Here is a direct link.

  2. Click on the API Key you want to restrict (in my case, "Clé API 1").


  3. Under "Set an application restriction", choose "Websites"


  4. Then, enter these 4 values, treating "myapp" as your App ID (see here how to find your App ID) and "mydomain" as your application domain. Please note that the example adds each URL twice: once as the normal URL, and once with 'version-test' to also allow requests from your test version.


  5. Once this is done, click the "Save" button.
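To confirm the restriction took effect after saving, you can repeat the kind of server-side request described in the two conditions above against your own key. This is an added example, not Flusk's or Google's code. It assumes the Geocoding web service as the probe endpoint and a hypothetical `MAPS_API_KEY` environment variable, and the sample responses are constructed.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Assumption: the Geocoding web service is used as the probe endpoint.
GEOCODE_URL = "https://maps.googleapis.com/maps/api/geocode/json"

def classify(body):
    """Turn a Geocoding API JSON body into a verdict about the key."""
    if not isinstance(body, dict):
        return "inconclusive"
    status = body.get("status", "")
    message = str(body.get("error_message") or "").lower()
    if status in ("OK", "ZERO_RESULTS"):
        # A server sending no Referer header got a real answer.
        return "unrestricted"
    if status == "REQUEST_DENIED":
        # Heuristic: the denial text for website-restricted keys mentions the referer.
        if "referer" in message or "referrer" in message:
            return "restricted"
        return "denied-other"  # e.g. invalid key or API not enabled
    return "inconclusive"  # quota or transient errors: retry later

def probe(api_key, timeout=10):
    """Send one request with no Referer header, as a third-party server would."""
    query = urllib.parse.urlencode({"address": "Paris", "key": api_key})
    try:
        with urllib.request.urlopen(f"{GEOCODE_URL}?{query}", timeout=timeout) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        raw = err.read()  # error responses may still carry a JSON body
    except urllib.error.URLError:
        return "inconclusive"  # no network
    try:
        return classify(json.loads(raw))
    except ValueError:
        return "inconclusive"

# Constructed sample bodies (not captured from a real project).
SAMPLE_OPEN = {"status": "OK", "results": [{"formatted_address": "Paris, France"}]}
SAMPLE_LOCKED = {"status": "REQUEST_DENIED", "results": [],
                 "error_message": "API keys with referer restrictions cannot be used with this API."}

if __name__ == "__main__":
    key = os.environ.get("MAPS_API_KEY")  # hypothetical variable name
    print(probe(key) if key else classify(SAMPLE_LOCKED))
```

A result of `denied-other` means the request was refused for a reason unrelated to the website restriction, so it does not confirm the fix on its own.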
