Notification::getOrigin Does not handle non standard ports leading to incorrect VAPID JWT aud.

As per the VAPID spec (https://tools.ietf.org/html/rfc8292#section-2) 

> An "aud" (Audience) claim in the token MUST include the Unicode
      serialization of the origin (Section 6.1 of [RFC6454]) of the push
      resource URL.  This binds the token to a specific push service and
      ensures that the token is reusable for all push resource URLs that
      share the same origin.
      
  And as per RFC 6454 (https://tools.ietf.org/html/rfc6454#section-6.1) for non default ports these should be included.
  
The implementation of getOrigin does not handle this -

> https://github.com/web-push-libs/webpush-java/blob/ac647d27e80e7860881c4cbc829bd39779d3a694/src/main/java/nl/martijndwars/webpush/Notification.java#L156

Meaning the VAPID aud can be incorrect.
  

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Notification::getOrigin Does not handle non standard ports leading to incorrect VAPID JWT aud. #153

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Notification::getOrigin Does not handle non standard ports leading to incorrect VAPID JWT aud. #153

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions