GitHub user GitToTheHub added a comment to the discussion: Google Autocomplete Referrer
I asked Gemini if it is possible to use Google Maps JavaScript API in an Android app and restrict it by a keystore certificate fingerprint with the following prompt: > Can I use Google Places JavaScript API in an Android app in a WebView and > restrict access to the API key by storing the fingerprint of the certificate > from the KeyStore in the Google Cloud Console? It says: > Yes, you absolutely can use the Google Maps JavaScript API within an Android > app's WebView and secure your API key by restricting access based on the > SHA-1 certificate fingerprint from your Keystore in the Google Cloud Console. > > Here's a breakdown of why this works and how to implement it: > > Why it Works: > > WebView as a Browser Environment: A WebView is essentially an embedded web > browser within your Android app. When you load the Google Maps JavaScript API > in a WebView, it behaves as if it's running in a standard web browser. > > API Key Restrictions for Android Apps: Google Cloud Console provides a > specific restriction type for API keys that allows you to limit their usage > to Android applications based on their SHA-1 fingerprint of the signing > certificate. This is the standard and recommended way to secure your API keys > for native Android applications. > > No Direct "Android API" Restriction Required: Even though you are using the > JavaScript API, the WebView is operating within the context of your Android > app. Google identifies your app by the certificate it's signed with. Maybe Gemini is dreaming. @SailingSteve You said, you tried already to restrict access on iOS by the bundle id: > Adding the "bundle id" restriction to iOS, would be good for App Store apps, > sinve the bundle id won't be forged from signed apps, but the api requests > would have to come from native code. Googles API servers do not see API > requests from Webviews as coming from iOS, so that did not work for me. So you activated the ios app restriction by bundle id and tried to you use the autocomplete feature? So I presume, it didn't work or did it work? Because I would presume, that it would not work, because Google sees just an api request from a webview and should block it, because it's only allowed for an ios app with a specific bundle id. I don't know, if it is real possible to restrict the JavaScript API with the iOS-/Android app restriction but it's interesting for me if it's possible, because that would make a plugin redundant. GitHub link: https://github.com/apache/cordova/discussions/560#discussioncomment-13868885 ---- This is an automatically sent email for issues@cordova.apache.org. To unsubscribe, please send an email to: issues-unsubscr...@cordova.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
