Bug Report: Client-Side Geocoding API Request Fails
Hello Support Team,
I am experiencing a critical issue with the Google Maps integration in your plugin. The plugin appears to be making direct XMLHttpRequest calls to the Google Maps Geocoding API (REST endpoint) from the client’s browser, rather than using the Google Maps JavaScript API Geocoding Service.
The Problem:
- My Google Maps API Key has HTTP Referrer (Website) restrictions set for security (e.g., https://example.com/*), which is standard best practice.
- The plugin attempts to call https://maps.googleapis.com/maps/api/geocode/json?address=... directly from the user’s browser.
- Google’s REST API endpoints do not support HTTP Referrer restrictions. They require IP restrictions (which are impossible for client-side code) or no restrictions.
- This results in the error: "API keys with referer restrictions cannot be used with this API" and the functionality breaks (popup doesn’t open).
Why this is a Security Risk:
To make your plugin work, I am forced to remove all website restrictions from my API key, leaving it vulnerable to theft. I have to rely on Quota limits to protect my billing, which is not an ideal security posture.
Steps to Reproduce:
- Create a Google Maps API Key and restrict it to a specific domain (Referrer).
- Use the plugin to search for a pickup point or rely on the auto-geocoding feature.
- Observe the console error: REQUEST_DENIED: API keys with referer restrictions cannot be used with this API.
Suggested Fix for Developers:
Please update the code to use the Google Maps JavaScript API Geocoder class (google.maps.Geocoder) instead of fetching the REST endpoint directly. The JavaScript API does support Referrer restrictions, allowing us to keep our keys secure.
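The suggested fix, sketched as an added example that is not part of the original post and not the plugin's own code: geocoding through google.maps.Geocoder (callback form) so that a referrer-restricted key keeps working. The helper names and the injected geocoder parameter are assumptions; in the browser you would pass new google.maps.Geocoder() after the Maps JavaScript API has loaded with the restricted key.

```javascript
// Turn the (results, status) pair the Geocoder passes to its callback into
// coordinates, or throw an Error that carries the status string.
function interpretGeocode(results, status) {
  if (status !== "OK") {
    const err = new Error("Geocoding failed: " + status);
    err.status = status; // e.g. "ZERO_RESULTS", "REQUEST_DENIED"
    throw err;
  }
  if (!Array.isArray(results) || results.length === 0) {
    const err = new Error("Geocoding returned no results");
    err.status = "ZERO_RESULTS";
    throw err;
  }
  const loc = results[0].geometry.location; // google.maps.LatLng in the browser
  return {
    lat: loc.lat(),
    lng: loc.lng(),
    formatted: results[0].formatted_address,
  };
}

// geocodePickupAddress is a hypothetical helper name (assumption).
// `geocoder` is injected so the logic can also run outside a browser;
// on the page it is: new google.maps.Geocoder()
function geocodePickupAddress(geocoder, address, done) {
  if (typeof address !== "string" || address.trim() === "") {
    done(new Error("address must be a non-empty string"), null);
    return;
  }
  const pending = geocoder.geocode({ address: address.trim() }, (results, status) => {
    let point;
    try {
      point = interpretGeocode(results, status);
    } catch (err) {
      done(err, null); // surface the status to the UI instead of failing silently
      return;
    }
    done(null, point);
  });
  // Newer API versions also return a Promise; the callback above already
  // reports failures, so keep a rejection from showing up as unhandled.
  if (pending && typeof pending.catch === "function") pending.catch(() => {});
}
```

No API key appears in this code path: the key is supplied once when the Maps JavaScript API script is loaded, which is where the referrer restriction is enforced.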