Clarify requirements for push endpoint determinism and predictability #274
You should reference the text in RFC 8030 about this: https://tools.ietf.org/html/rfc8030#section-8.2
index.html
Outdated
@@ -526,6 +526,13 @@ | |||
subscription</a> MUST be <a>deactivated</a>. | |||
</p> | |||
<p> | |||
The <a>push endpoint</a> MUST NOT enable information about the user to be derived by actors |
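Review bot: In the added sentence beginning "The <a>push endpoint</a> MUST NOT enable information about the user to be derived", the requirement is phrased around what an observer might work out rather than around a property of the endpoint itself, which makes it hard for an implementer to check. Consider stating it as a constraint on the endpoint URL, for example that the URL does not contain or encode information about the user.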
s/enable/expose
Done.
index.html
Outdated
The <a>push endpoint</a> MUST NOT enable information about the user to be derived by actors | ||
other than the <a>push service</a>, such as the user's device, identity or location. | ||
<a>Push services</a> that do not require <a>push subscriptions</a> to be restricted to an | ||
<a>application server</a> [[!WEBPUSH-VAPID]] MUST NOT generate predictable |
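Review bot: The unpredictability requirement on the line starting "<a>Push services</a> that do not require" applies only when subscriptions are not restricted to an application server, so the visible text places no such requirement on restricted subscriptions; if that is intentional it needs a stated rationale, otherwise drop the condition. Separately, "such as the user's device, identity or location" follows "the <a>push service</a>" and reads as examples of actors; moving it directly after "information about the user" would remove the ambiguity.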
Why is this requirement only levied on endpoints that are NOT restricted? RFC 8030 is pretty clear on this point and restriction to an application server doesn't change that.
Good point - I've updated this to refer to 8030 instead.
This also updates the [[!WEBPUSH-PROTOCOL]] references to [[!RFC8030]]. Fixes w3c#273
d9501cd to 9c08033
Thanks! Please take another look, I've applied the changes and s/WEBPUSH-PROTOCOL/RFC8030/ everywhere. I'll run tidy after the current series of changes landed.
This update looks good to me, thanks!
/cc @magnus-git