Join 3,433 readers in helping fund MetaFilter (Hide)


How can I use Google Maps on a secure page?
July 5, 2007 9:41 AM   Subscribe

How can I include a Google Map on a secure page?

I'm including a Google Map on a page where users can sign up for a service. The page is accessed via SSL, and before I included the map, the entire page was transmitted securely. Now, however, browsers complain that portions of the page (the map) are transmitted insecurely. I understand the user information is still secure, but my users probably won't.

How can I change this page so that the google map is still available and users may still interact with it, but the entire page is delivered via SSL?

Additionally, I had to change firewall rules for the users' subnet to allow access to google.com to load the map. Is there a way to rework this such that the server does the work of loading the map and presents it to the users?

Thanks!
posted by odinsdream to Computers & Internet (6 answers total)
 
The easiest way would be to proxy the connection to Google Maps. Depending on how much the user interacts with google maps, this may be really easy or a little annoying.

This makes the assumption that you can set up the proxy wherever you are hosting the app.

You'll also get dinged a few times for bandwidth (user requests map from you, you request map from gmaps, you get map from gmaps, user gets map from you), so if that is an issue, you may want to find another solution.
posted by AaRdVarK at 10:04 AM on July 5, 2007


Well, I'd like to allow all interaction that would normally be possible with the map. That would include zooming, panning, switching between Map/Satellite/Hybrid views, and clicking on markers to see their associated information.

The map is included inline on the page via Google's API - I only need to allow users to access this bit, not the main google maps site.
posted by odinsdream at 10:22 AM on July 5, 2007


It's not likely to be possible without the warning.

As AaRdVarK noted, you could try to fool it into sending connections to your server for some data, and instead proxy those requests through to the real source. But, what he failed to mention is that it sends back javascript code, which you don't have much control over (because it's obscured), and which probably refers to other servers on the 'net for image data. It'd be /really hard/ to rewrite the stream and capture it all.
posted by cmiller at 10:29 AM on July 5, 2007


I haven't actually tried this, but couldn't you put the map in an insecure frame/iframe on your page?
posted by MonkeySaltedNuts at 10:57 AM on July 5, 2007


How obscured can javascript be? If its just escaped stuff, its not hard to write a 'decrypter,' and if you're only looking for URLs, even easier. I think that's probably your best bet, recognizing it'll be slow, if you really want the entire page encrypted.
posted by devilsbrigade at 3:15 PM on July 5, 2007


I think I'll just link to a non-secure page from the secure page, given that this appears to be non-trivial. Thanks for the advice, everyone.
posted by odinsdream at 4:53 PM on July 5, 2007


« Older I'm trying to replace my girlf...   |  Help me find an old (mid- to l... Newer »
This thread is closed to new comments.