Comments (9)
In theory, one might want to run their push service. We could:
- print a warning when an unknown push service is used;
- add a parameter to sendNotification to block unknown push services.
from web-push.
In theory, one might want to run their push service.
If I understand you correctly, it's impossible to get a browser to subscribe to your own push service. PushManager.subscribe() internally calls the browser vendor's own private push service and you have no way of changing that.
from web-push.
In Firefox you can change it by setting some internal preferences. If you are a big organization who wants to have a private push service, you could do that.
from web-push.
Oh interesting. I'll pray for any org who goes down that path :)
from web-push.
It's not too complex, you "just" need to use an open source Web Push server like https://github.com/mozilla-services/autopush-rs/ and deploy it somewhere :)
from web-push.
This just adds an unnecessary time bomb to the library if any of the vendors decide to change their push service domain, or if any new vendors start to run their own services. If someone is this paranoid about security, it's better to whitelist it on the DNS layer.
from web-push.
Agreed!
from web-push.
OK, I understand the hesitation because things can and do change and you don't want to burden the library with that maintenance. To be fair, there's no "paranoia" here. Attacks have and will happen, like android.chromlum.info which was a malicious web push endpoint.
There aren't a lot of good resources to help guard against this; perhaps this lib could simply add some info/resources in its docs?
from web-push.
I would accept a PR to do one or both of the things in #801 (comment).
from web-push.
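One way to implement the two options proposed at the top of the thread (warn on an unknown push service, or block it), as an added example that is not part of the thread or of web-push itself. The host list, `checkEndpoint` and `guardedSend` are assumptions for illustration; confirm the hosts against each browser vendor's documentation.

```javascript
// Assumed allowlist (not from web-push): verify against each vendor's documentation.
const PUSH_HOSTS = {
  exact: ['fcm.googleapis.com', 'updates.push.services.mozilla.com', 'web.push.apple.com'],
  suffix: ['.notify.windows.com'], // leading dot stops "evilnotify.windows.com" matching
};

// Returns { ok, host, reason } for a subscription endpoint string.
function checkEndpoint(endpoint, hosts = PUSH_HOSTS) {
  let url;
  try {
    url = new URL(endpoint);
  } catch {
    return { ok: false, host: null, reason: 'unparseable' };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  if (url.protocol !== 'https:') return { ok: false, host, reason: 'not-https' };
  // Userinfo makes "https://fcm.googleapis.com@push.example/" look trusted at a glance.
  if (url.username || url.password) return { ok: false, host, reason: 'userinfo' };
  if (url.port) return { ok: false, host, reason: 'nonstandard-port' };
  const known = hosts.exact.includes(host) || hosts.suffix.some((s) => host.endsWith(s));
  return known ? { ok: true, host, reason: 'known' } : { ok: false, host, reason: 'unknown-host' };
}

// mode 'warn' logs and still sends; mode 'block' throws before any request is made.
// sendFn is whatever sends the push, e.g. webpush.sendNotification.
function guardedSend(sendFn, subscription, payload, { mode = 'warn', log = console.warn } = {}) {
  const verdict = checkEndpoint(subscription && subscription.endpoint);
  if (!verdict.ok) {
    const msg = `push endpoint rejected (${verdict.reason}): host=${verdict.host}`;
    if (mode === 'block') throw new Error(msg);
    log(msg);
  }
  return sendFn(subscription, payload);
}

// Constructed sample endpoints; paths and tokens are placeholders.
const SAMPLES = [
  'https://fcm.googleapis.com/fcm/send/TOKEN',
  'https://wns2-xx.notify.windows.com/w/?token=TOKEN',
  'https://android.chromlum.info/TOKEN',
  'https://fcm.googleapis.com.push.example/fcm/send/TOKEN',
  'https://fcm.googleapis.com@push.example/fcm/send/TOKEN',
  'http://web.push.apple.com/TOKEN',
];
for (const e of SAMPLES) console.log(checkEndpoint(e).reason.padEnd(14), e);
```

Running the check when a subscription is stored, as well as at send time, keeps unknown endpoints out of the database in the first place.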