Stuck on location

71 views
Skip to first unread message

Peter Vansweevelt

unread,
Nov 7, 2016, 10:50:04 AM11/7/16
to alfio
Hello

We use alf.io version v.1.6.2 with success to present and manage our events.
A few weeks ago, we wanted to add some events, but get stuck on the location, which wasn't found and no timezone could be detected.
The address is the same as in other events (see e.g. https://alfio-staproeselare.rhcloud.com/)
We didn't change anything of the API-keys (checked them twice) or other admin-settings.

In the API-environment of Google, client-errors (4xx) are registrated in the Google Maps Geocoding en Google Static Maps API.

Anyone can find a reason for this?

Kind Regards

Peter

Celestino Bellone

unread,
Nov 8, 2016, 2:16:40 AM11/8/16
to al...@googlegroups.com
Hello Peter,

it looks like that your public/private keys for google maps aren't valid anymore. For example, on your first event (triatudelmundo1600) I get this if I open the map image in a new tab:

The Google Maps API server rejected your request. This IP, site or mobile application is not authorized to use this API key. Request received from IP address 194.230.159.108, with referer: https://alfio-staproeselare.rhcloud.com/event/triatudelmundo1600/
I don't know why the key has been invalidated, but I would suggest you to regenerate both public and server key. If you need help with that, please refer to https://github.com/exteso/alf.io/issues/76#issuecomment-143015876 

Once you've re-generated the tokens (remember to allow access from domain alfio-staproeselare.rhcloud.com), you can safely modify the new keys in the config.

hope that helps,
Celestino

P.S.: yesterday we have released (not yet announced though) version 1.9.1 (see https://github.com/exteso/alf.io/releases/tag/1.9.1 ). We now support paypal, the admin GUI has been restyled, and more. If you want to migrate your existing application and need help with that just ask!

--
You received this message because you are subscribed to the Google Groups "alfio" group.
To unsubscribe from this group and stop receiving emails from it, send an email to alfio+unsubscribe@googlegroups.com.
To post to this group, send email to al...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/alfio/5fe38ebe-4b16-4fe7-a200-a6a69f1c15f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Peter Vansweevelt

unread,
Dec 3, 2016, 6:21:43 AM12/3/16
to alfio
Hello

As suggested I generated two new API-keys, although I could not choose between Server or Browser-key. It are all simple API-keys now.

These are some tests I made:

Opening an existing event: the map is not showed. If I copy the link of the map, I can past it in a browser and I see the map, eg:

which works also without a key:
https://maps.googleapis.com/maps/api/staticmap?center=50.9331957,3.1447179&zoom=16&size=400x400&markers=color:blue%7Clabel:E%7C50.9331957,3.1447179

When I' ve opened it in another tab, I could refresh the page and the map wa
Op maandag 7 november 2016 16:50:04 UTC+1 schreef Peter Vansweevelt:

Peter Vansweevelt

unread,
Dec 3, 2016, 6:34:33 AM12/3/16
to alfio, Kurt Debrouwer
Hello

As suggested I generated two new API-keys, although I could not choose between Server or Browser-key. It are all simple API-keys now.
I set the referer of both keys on *alfio-staproeselare*.

These are some tests I made:

1.
Opening an existing event: the map is not showed. If I copy the link of the map, I can past it in a browser and I see the map, eg:

which works also without a key:
https://maps.googleapis.com/maps/api/staticmap?center=50.9331957,3.1447179&zoom=16&size=400x400&markers=color:blue%7Clabel:E%7C50.9331957,3.1447179

When I' ve opened it in another tab, I could refresh the page and the map was showing (probably out of the cache).

2.
Changing API-keys of an existing event, gives the same situation as above.

3.
Changing API-keys of an organization, gives the same as in 1 when opening existing events.

4.
The problem rests in creating new events or changing existing ones. In that case the location is (re)controled and gives the 404 Not Found error.

An example URL:

with headers;

request:

GET /admin/api/location/geo.json?location=meenseheirweg%2020,%208800%20Roeselare HTTP/1.1

Host: alfio-staproeselare.rhcloud.com

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0

Accept: application/json, text/plain, */*

Accept-Language: nl,en-US;q=0.7,en;q=0.3

Accept-Encoding: gzip, deflate, br

X-Requested-With: XMLHttpRequest

X-CSRF-TOKEN: 84a81c2a-6f11-4636-b718-b36b5156823f

Referer: https://alfio-staproeselare.rhcloud.com/admin

Cookie: GEAR=local-56ab28a289f5cfd4d20000c7; JSESSIONID=Papfw3tR7EEWib44IzAkW-nn.alfio-staproeselare.rhcloud.com

Connection: keep-alive


Response:

HTTP/1.1 404 Not Found

Date: Sat, 03 Dec 2016 11:30:08 GMT

Server: WildFly/8

X-Powered-By: Undertow/1

Content-Type: application/json;charset=UTF-8

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Transfer-Encoding: chunked

I think this suggests something on the server is not going well.

Anny suggestions?

Thanks in advance

Peter Vansweevelt


Op maandag 7 november 2016 16:50:04 UTC+1 schreef Peter Vansweevelt:
Hello

Peter Vansweevelt

unread,
Dec 5, 2016, 8:36:13 AM12/5/16
to alfio
Hello

Maybe the problem is the changed Google Maps APIs Standerd Plan as described in
 In point 1 they state that keyless requests are not langer allowed and as we can see in the error message, when leaving the location's form control, the API-key is not added to this request.


Has this been updated in the new version of Alf.io? (We still use version 1.6.2)

kind regards

Peter Vansweevelt

Op maandag 7 november 2016 16:50:04 UTC+1 schreef Peter Vansweevelt:
Hello

Celestino Bellone

unread,
Dec 5, 2016, 12:31:50 PM12/5/16
to al...@googlegroups.com
Hi Peter,

Thank you for pointing it out. We didn't notice that google got rid of the concept of "client key" and "server key" :-)
We should modify the way we call Google Maps API in order to simplify the process. Any suggestions would be more than welcome.

Anyway, I have generated a new set of keys for our test system (Credentials -> Create Credentials -> API Key):

- the first one for the public website (for which I added the website-address restriction - something like alf.io/*)
- the second one for the server (not restricted)

The "server" key cannot have a restricted access because, as you are on a public cloud provider, you cannot be sure how the server will identify itself, for different reasons:
- there could be a firewall/proxy/load balancer in the middle between your server and google API server, rewriting the originating IP
- Your application has been configured to scale, so an arbitrary server (and therefore another IP) can be added to your domain

could you please try adding another key for the server (exactly as I did) and letting us know? I think that the second key should do the trick.

Thank you
Celestino

P.S.: the URL https://alfio-staproeselare.rhcloud.com/admin/api/location/geo.json?location=meenseheirweg%2020,%208800%20roeselare is actually pointing to your alf.io instance and not directly to the google API server. Since the server key cannot be restricted, it wouldn't be safe enough to publish it on the browser. This mechanism has been there since the beginning, so your instance is already working properly. 


--
You received this message because you are subscribed to the Google Groups "alfio" group.
To unsubscribe from this group and stop receiving emails from it, send an email to alfio+unsubscribe@googlegroups.com.
To post to this group, send email to al...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/alfio/8724dc16-ac87-424a-8125-61d8d60756c9%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages