elderlyman
-
Content Count
8 -
Joined
-
Last visited
-
paul2009 reacted to an answer to a question:
Hide an API key in file on a disabled page
-
Hide an API key in file on a disabled page
elderlyman replied to elderlyman's question in Coding and Customization
@paul2009 thanks for the thorough answer. I've been trying to balance a few goals: use a very simple code block (don't turn on dev mode), keep the API key secure as a best practice/to avoid quota theft, and avoid unnecessary complexities that might break. I can now see how, within the options of the code block or with file uploads, I'm still playing only in the front end. Even though I can't do exactly what I wanted, it's nice to have come to some conclusions about what my options are. Thanks!- 5 replies
-
- 1
-
-
- api
- file upload
- (and 3 more)
-
Hide an API key in file on a disabled page
elderlyman replied to elderlyman's question in Coding and Customization
@bangank36 Thanks. Since you say it is the simplest option, I'll start experimenting with a Google Apps script on a published url. Are you sure that an API key listed in a script on a public URL would be safe? -
Thanks @RyanDejaegher. I should have read the docs further to see that display is always checked for JS. Though I still don't understand why the Squarespace feature would be designed this way. Why would there be no option to actually run JavaScript in a code block, only display it? Yet the HTML can actually run be run or be displayed in a code block?
-
Site URL: http://bostonbiketaxi.com When I attempt to write some code in a code block using JavaScript, the Display Source option grays out and prohibits me from checking/unchecking. So I am effectively prohibited from using JavaScript in a code block. The option to check/uncheck the Display Source box works as expected when HTML is selected, but not for JavaScript. What could be happening here?
-
Trying to embed code for convertkit form into code block
elderlyman replied to nicolescheitlin's question in Coding and Customization
I'm having an issue with this because I cannot uncheck the Display Source box for Javascript, only HTML. So I am effectively prohibited from using pure JavaScript using code blocks -
I would like to make a fetch request from my squarespace site to a weather data provider. The code works fine when I write it into a code block directly on the page. My issue is that the code contains an API key that I want to keep secure, yet accessible. My strategy to keep this "simple" was to use the method described in this article to upload my file that runs the script which uses the API key, and then reference that file using <script src="/s/javascriptfile.js"></script> The biggest question is whether storing an API key in an uploaded file linked on a disabled
-
Where do I upload JavaScript files?
elderlyman replied to Mario Campos's question in Coding and Customization
I am hoping that the @Mario Campos answer from November 30, 2012 is still valid. If it is valid, I would love to hear some input from @SQUARESPACE about whether users should still expect to wait 24 hours for uploaded files to be accessible/run when referenced on other pages, as observed by @CedricLor. My goal is to upload files to an unlinked and disabled page so that I can reference API keys securely rather than write those keys directly into a code block. Would disabling a page interfere with file references? Toggling it enabled/disabled does not seem to make a difference. -
Display a list of local events from seatgeek API
elderlyman posted a question in Coding and Customization
Site URL: https://bostonbiketaxi.com/ Hi there, Would it possible to connect to the SeatGeek API to display local event data on my site? The SquareSpace API docs all seem directed towards commerce-related goals. I have some mobile app dev experience, so I am familiar with how to connect to the SeatGeek API in that context. I just don't know if code within a squarespace site would allow me to do this. Thanks very much for any help!
