Comments (1)
Related to #117
There's no real objection to web push features, it's just that the maintainers haven't had the free time to implement and qa the features to provide a complete implementation (e.g. does it vary between browsers/OSes, are there edge cases in networking, how has it changed since 2016, security concerns with user-provided endpoints, etc).
It's also a complicated spec.
I'd thought at least one of the maintainers would be involved in an application that used web push, but they had ended up working on other projects instead.
Miscellaneous findings that may help with implementing this in uniqush-push
Uniqush would have to handle unsubscriptions, and the response payload differs between platforms. https://developers.google.com/web/fundamentals/push-notifications/common-issues-and-reporting-bugs mentions some of the differences between Chrome and Firefox - I don't know about edge/opera/safari. Checking the HTTP response code with https://developers.google.com/web/fundamentals/push-notifications/common-issues-and-reporting-bugs#http_status_codes may work on more/all platforms? https://developers.google.com/web/fundamentals/push-notifications/sending-messages-with-web-push-libraries mentions some relevant details
To determine the type of error from a push service it's best to look at the status code. Error messages vary between push services and some are more helpful than others.
In this example, it checks for status codes 404 and 410, which are the HTTP status codes for 'Not Found' and 'Gone'. If we receive one of these, it means the subscription has expired or is no longer valid. In these scenarios, we need to remove the subscriptions from our database.
And https://developers.google.com/web/fundamentals/push-notifications/display-a-notification would be useful for mapping uniqush's property names to, for <uniqushhost>/push
- https://github.com/SherClockHolmes/webpush-go seems up to date, but that only handles sending it - checking what a response means (e.g. a subscription is no longer valid and can be deleted from redis) is not part of that library
- https://github.com/SherClockHolmes/webpush-go/tree/master/example has an example of this. If I generate a public key with webpush.GenerateVAPIDKeys() in Chrome, I get something like
{"subscription":{"endpoint":"https://fcm.googleapis.com/fcm/send/<data>","expirationTime":null,"keys":{"p256dh":"<data>","auth":"<data>"}}}
. In Firefox on Linux,{"subscription":{"endpoint":"https://updates.push.services.mozilla.com/wpush/v2/<data>","keys":{"auth":"<data>","p256dh":"<data>"}}}
. And probably various other services for opera/safari/edge and others. - I see the same question I'm asking in https://stackoverflow.com/questions/52252877/which-host-ports-should-be-open-for-web-push as well. Maybe a configurable whitelist of additional hosts would help
- Resolving IP addresses, using those with a manually set "Host:" header, and making sure they aren't internal IP blocks (e.g. localhost) would help somewhat with the security concerns.
- Setting connect timeouts/request timeouts and avoiding redirects would help avoid networking edge cases
A guess of common major endpoints, which will go out of date or may only apply to receiving, not sending:
*.notify.windows.com
android.googleapis.com
fcm.googleapis.com
updates.push.services.mozilla.com
gateway.push.apple.com
If uniqush-push were to be set up behind a firewall that limits access to only a few external ips, that may cause problems. It may be useful to allow it to configure an https proxy and have all web pushes go through that proxy
from uniqush-push.
Related Issues (20)
- APNs binary protocol will be disabled in November 2020 - Provide migration steps
- Add a health check for connection pools, redis being connected HOT 3
- Refuse to start up if APNs certificates cause SystemRootsError
- Potential code quality issues found HOT 3
- Fix no-op Signal(os.Kill)
- Idea: Add an opt-in mode to act as a proxy without managing tokens
- Consider migrating GCM/FCM from legacy HTTP API to HTTP v1 API
- Look into token-based instead of certificate-based connections to APNs
- Add Destination pointer to all push.Error implementations, to log
- Disable APNs binary protocol and feedback checker HOT 1
- Look into supporting apns-push-type setting HOT 1
- cant receive message in android app
- Remove psps
- What about an open server-side events/REST protocol for apps on any platform?
- Document how to support new root CAs for APNs servers with uniqush
- Make FCM/APNS timeouts configurable?
- Switch to api.sandbox.push.apple.com
- what tutorials on this are complete, i cant send a push notification via fcm
- Support UnifiedPush on Android devices HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from uniqush-push.