我使用Angular开发了一个引用Google Map的小型前端。GMap文档说,我必须在带有API密钥的index.html页面中添加引用:
<script type="text/javascript" src="https://maps.google.com/maps/api/js?key=API_KEY" async defer></script>
由于此项目位于GitHub上,因此API密钥对所有人公开。我该如何保护它?
在Angular中,有一个envrionment.ts文件(具有与生产等效的文件),在其中存储诸如密钥之类的敏感信息,但是如何通过代码注入API密钥?
我在 dotnet core 3.1 Web api 项目中使用 Swagger Swashbuckle,但无法向请求调用发送承载授权。我在我的ConfigureServices方法中定义了这个:
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo() { Title = "MyApi", Version = "v1" });
// Set the comments path for the Swagger JSON and UI.
var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
c.IncludeXmlComments(xmlPath);
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows()
{
Password = new OpenApiOAuthFlow()
{
TokenUrl = new Uri("/api/Account/Login", UriKind.Relative),
}
},
In = ParameterLocation.Header,
Name = "Authorization",
Scheme = "Bearer",
}); …authorization swagger bearer-token .net-core asp.net-core-webapi