[push-api] Fire pushsubscriptionchange when user revokes permission (#116) from John Mellor on 2015-02-24 (public-webapps-github@w3.org from February 2015)

From: John Mellor <notifications@github.com>
Date: Tue, 24 Feb 2015 03:27:21 -0800
To: w3c/push-api <push-api@noreply.github.com>
Message-ID: <w3c/push-api/issues/116@github.com>

The spec [says](https://w3c.github.io/push-api/#h-security-and-privacy-considerations), "When a permission is revoked, all push subscriptions created with that permission must be [deactivated](https://w3c.github.io/push-api/#dfn-deactivated)" (i.e. automatically unsubscribed).

We should clarify in the [pushsubscriptionchange section](https://w3c.github.io/push-api/#the-pushsubscriptionchange-event) that the `pushsubscriptionchange` event must be fired in such cases.

This is different from #61 since the webapp's state (cookies, IDB, etc) haven't been reset, and so if we didn't fire `pushsubscriptionchange`, this would create a new state that sites have to explicitly handle.

(unlike other `pushsubscriptionchange` events, it won't be possible to resubscribe automatically - but that's fine, because sites already have to handle failure to resubscribe, e.g. in case the device is offline).

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/issues/116

Received on Tuesday, 24 February 2015 11:28:17 UTC