Use service workers for push notifications #3960
Comments
Possibly related to #2777.
Depends on #4295, enabling us to use the
Service workers only work with HTTPS [1], so even if you decide to use them there should probably be a legacy fallback. Also, I'm already using a service worker on a WCF site for cache management so I would probably end up disabling WCF's one anyway (because there can be only one service worker per domain).

[1] From MDN: "Service workers only run over HTTPS, for security reasons. Having modified network requests, wide open to man in the middle attacks would be really bad. In Firefox, Service Worker APIs are also hidden and cannot be used when the user is in private browsing mode." https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API
Honestly I do not see that need. Why should any administrator run a website without HTTPS in the year 2022 (and later)? There are zero reasons. And even if an administrator decides so - push notifications are not strictly needed and it's an explicit decision to deny the use of HTTPS. So why bother with a legacy implementation for such a small number of affected installations?
If not intentional HTTP then testing or just internal installations come to mind. Maybe they are minor cases, I don't know. But it's exactly the case of 'why bother'. The current solution works, this one has drawbacks, imo no need to touch it.
There is no reason why you couldn't use HTTPS in testing or for internal installations.
Requirements
Some helpful links:
The current implementation for push notifications is implemented through periodic polling with increasing delays during inactivity. This does create some load on the server (although very little even for large communities) and is anything but "instant".
We should look into service workers and figure out what the data security looks like.
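The HTTPS requirement, the existing-service-worker concern and the polling fallback raised in this thread can be checked in client code before anything is registered. The following is an added example, not part of the issue and not WCF code; the function names, the 5 s / 300 s intervals and the doubling schedule are assumptions.

```javascript
// Added example; every name and constant below is hypothetical, not WCF code.
const BASE_DELAY_MS = 5000;    // assumed first polling interval
const MAX_DELAY_MS = 300000;   // assumed upper bound for the interval

// Decide how notifications can be delivered in this browsing context.
// `env` defaults to the browser global; tests pass a constructed object.
function chooseTransport(env = globalThis) {
  const polling = (reason) => ({ transport: "polling", reason });
  // Service workers are only exposed in secure contexts (HTTPS or localhost).
  if (env.isSecureContext !== true) return polling("insecure-context");
  // The API can be hidden even over HTTPS (the MDN quote names Firefox
  // private browsing), so feature-detect instead of checking the scheme.
  const nav = env.navigator;
  if (!nav || typeof nav !== "object" || !("serviceWorker" in nav)) {
    return polling("no-service-worker");
  }
  if (!("PushManager" in env)) return polling("no-push-api");
  return { transport: "service-worker", reason: "supported" };
}

// Registrations are keyed by scope: registering a different script under a
// scope that is already taken replaces the worker the site operator installed.
// `existing` is a list of { scope, scriptURL } objects, as can be built from
// navigator.serviceWorker.getRegistrations() (scriptURL from reg.active).
function findScopeConflict(existing, ourScope, ourScript, origin) {
  const norm = (u) => new URL(u, origin).href;
  const hit = existing.find(
    (r) => norm(r.scope) === norm(ourScope) && norm(r.scriptURL) !== norm(ourScript)
  );
  return hit || null;
}

// Fallback polling interval: doubles per consecutive idle poll, capped.
function nextPollDelay(idlePolls) {
  const n = Math.min(Math.max(0, Math.floor(idlePolls)), 20);
  return Math.min(MAX_DELAY_MS, BASE_DELAY_MS * 2 ** n);
}
```
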