Login/Register
Are push notifications possible in html5 without fully https site?
Asked Answered
htmlgoogle-chromefirefox-osservice-workerweb-push
M

4

12

Looks like Push notifications are finally usable for web-apps! Unfortunately, this requires https for ServiceWorker, which not all sites may have.

One thing I noticed in the spec it mentions:

if r's url's scheme is not one of "http" and "https", then: Throw a TypeError."

So I'm confused - can the site be http, as long as it includes a serviceworker that is from https? For example, mydomain.com could include an https serviceworker from https://anotherdomain.com?

Another standard, web-api simple-push, doesn't mention requiring https (likely an omission in the documentation?), and "The user experience on Firefox Desktop has not been drawn out yet". Is the documentation on this outdated, or is push really only supported in FirefoxOS??

Meninges answered 30/5, 2015 at 4:31 Comment(1)
is that possible serviceworker from https ?Contaminant
I
2

Simple-push, that is the current push solution in Firefox OS doesn't have anything to do with ServiceWorkers.

The next generation of push, implemented by both Google and Mozilla will be done through ServiceWorkers:

In that case yes, your content will need to be served over HTTPS.

Probably you will be interested in the LetsEncrypt initiative:

A new certification authority that will help developers to transition their content over HTTPS.

Also just for development purposes, both Google and Mozilla implementations of ServiceWorkers allow you to bypass the check of the secure content, if you develop against localhost. In the case of Mozilla you will need to enable the flag:

devtools.serviceWorkers.testing.enabled: true

But again this will be just for development, and AFAIK, Mozilla push landed or is about to land, and will be available in the nightly builds, you can follow the work here:

Immunoreaction answered 1/6, 2015 at 8:38 Comment(4)
So one is current...but only in FirefoxOS, one is "next-generation" of push ability, and is HTTPS-only and only in Chrome...?Meninges
the 'next-generation' one, will be https only, but will be supported by gecko and blink (which means Firefox, Chrome and Opera)Immunoreaction
This answer is wrong, changing the devtools.serviceWorkers.testing.enabled: true has no effect on the The operation is insecure. error.Folksy
Tomáš Zato the preference will allow you to use SW just in localhostImmunoreaction
T
1

No, the new generation of push notifications (i.e. Push API) requires HTTPS.

If you need to add push notifications to a website without HTTPS you can use a third-party service like Pushpad (I am the founder) that delivers notifications on your behalf.

Trigonometry answered 24/1, 2016 at 13:54 Comment(0)
T
1

I found a nice bypass workaround to allow notifications from websites and domains without SSL, hence http:// and not https:// for Firefox.

Firefox holds a file inside the Mozilla directory called permissions.sqlite which is a sqlite database file that holds the permissions for domains. You can add your domain there http://yourdomainname with permissions for notifications and it will work.

I have created a demonstration for Windows here https://gist.github.com/caviv/8df5fa11a98e0e33557f75215f691d54 in golang

Tintoretto answered 7/3, 2020 at 14:30 Comment(0)
H
0

The text you cited from the spec is from the Cache.addAll() section (5.4).

Here's the summary of addAll() on MDN:

The addAll() method of the Cache interface takes an array of URLS, retrieves them, and adds the resulting response objects to the given cache. The request objects created during retrieval become keys to the stored response operations.

Service workers can request & cache URLs that are either HTTP or HTTPS, but a Service Worker itself can only work in its registered Scope (which must be HTTPS).

simple-push is not related to Service Workers; it seems comparable to the approaches other platforms have taken:

Hadria answered 31/5, 2015 at 1:17 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.