Hi!

When using the gmap module in conjunction with SSL (e.g. via the securepages module), leads to problems, since a script is loaded from maps.google.com/maps via plain http causing warnings in most browsers.

Since the Google maps service can't be accessed via https with the free api keys just replacing http with https won't work.

In our case, where no pages containing maps need to be access in a secure manner, the solution was to prevent adding the script to the html-header when the site is accesed via https. The attached patch solved the problem for us. It's kind of a hack; a better solution would be, if google's script would only be loaded, if it's needed on the page shown, but I didn't know how to do that.

Maybe it's useful for someone else, so I post it here.

Best regards and thanks for all the work,
Alexander

CommentFileSizeAuthor
#4 gmap-429330-3.patch1.3 KBjsenich
#2 gmap_429330.patch1.34 KBahojchris
gmap-nossl.patch567 bytestolimar

Comments

christiaan_’s picture

christiaan_ commented
Version: 5.x-1.0-rc2 » 6.x-1.1

Google Maps APIs over SSL now available to all

http://googlegeodevelopers.blogspot.com/2011/03/maps-apis-over-ssl-now-a...

If you need your site to be secure and google maps to load over SSL change the following in the gmap.module file.

line: 329
drupal_set_html_head('<script src="'. check_url(url('https://maps-api-ssl.google.com/maps', array('query' => $query))) .'" type="text/javascript"></script>');

line: 1112
$data = drupal_http_request('https://maps-api-ssl.google.' . $tld . '/maps/geo?q=' . drupal_urlencode($address) . '&output=csv&key=' . $key);

You would also need to generate a new Google Maps API key for your SSL domain.

ahojchris’s picture

ahojchris commented
StatusFileSize
new gmap_429330.patch1.34 KB

Taking inspiration from the above post, this patch adds a function (gmap_views_protocol) to check the current page protocol and returns a string of either 'http' or 'https' accordingly. This function is called on lines 329 and 1112 where the google map URIs are set. This patch does not address the fact that you need a different API key for http vs. https, so one still needs to use the same protocol consistently site-wide for all gmap content.

An additional improvement would be to add a secondary (optional) API field for SSL access and work that into line 1112.

Feedback?

jsenich’s picture

jsenich commented
Version: 6.x-1.1 » 7.x-1.x-dev

This is needed in 7.x as well.

jsenich’s picture

jsenich commented
StatusFileSize
new gmap-429330-3.patch1.3 KB

Patch against 7.x-1.x-dev.

mcpuddin’s picture

mcpuddin commented
Status: Active » Reviewed & tested by the community

Works well for me on Drupal 6

vince@lacknergroup.com’s picture

vince@lacknergroup.com commented

Unsubscribe

mrfelton’s picture

mrfelton commented

Patch in #2 works for me. Though I had to add this in my settings.pgp file to allow me to use a different key on the HTTPS site:

// Override the gmaps API key for our local domain name.
$conf['googlemap_api_key'] = "MYHTTPKEY";
if (!empty($_SERVER['HTTPS'])) {
  $conf['googlemap_api_key'] = "MYHTTPSKEY";
}
catrina’s picture

catrina commented

This patch worked for me on Drupal 7. Gmap.module version 7.x.-1.x-dev. Thank you!

christiaan_’s picture

christiaan_ commented
markie’s picture

markie commented

Patch #4 works and should be applied to the dev snapshot.

haiiro.shimeji’s picture

haiiro.shimeji commented
Status: Reviewed & tested by the community » Fixed

Patch #4 is applied to 7.x-1.x branch. Thanks a lot!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

ice5nake’s picture

ice5nake commented

Is this fixed in the 6.x dev version? If it is fixed in dev, will this be pushed to the stable release anytime soon?