Re: [w3c/push-api] Some questions about VAPID and encrypted messages (#278) from floatingstone on 2017-07-17 (public-webapps-github@w3.org from July 2017)

From: floatingstone <notifications@github.com>
Date: Mon, 17 Jul 2017 12:13:05 +0000 (UTC)
To: w3c/push-api <push-api@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/push-api/issues/278/315738635@github.com>

@beverloo, Thank you so much for your reply, :)

> The push service needs to store this key if it decides to support Subscription Restrictions (see section 4). Otherwise the k parameter in the Authorization header will do.

Should push service check the validation of this key before decide to store it ? 
If don't, following code may let the push service to store a lot of useless information.
```javascript
while (true) {
  const newRandomStr = <random string...>;

  const subscribeOptions = {
    userVisibleOnly: true,
    applicationServerKey: urlBase64ToUint8Array(
      newRandomStr
    )
  };

  registration.pushManager.subscribe(subscribeOptions);
}
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/issues/278#issuecomment-315738635

Received on Monday, 17 July 2017 12:13:34 UTC