- From: Martin Thomson <notifications@github.com>
- Date: Thu, 24 Nov 2016 15:47:11 -0800
- To: w3c/push-api <push-api@noreply.github.com>
- Message-ID: <w3c/push-api/issues/226@github.com>
The [applicationServerKey](https://w3c.github.io/push-api/#widl-PushSubscriptionOptions-applicationServerKey) is currently specified as a `BufferSource`. We could be a little more flexible in terms of how we allow applications to set this value. Options: 1. Keep it as is 2. Add a base64url option (make the type a union of DOMString and BufferSource) 3. Something else @costinm suggested that the browser could acquire this key automatically from a `.well-known` location on the origin. I think that adds a level of brittleness to the API that isn't warranted. A variation on this is to tell the push service about the origin of the page and have it do the lookup. That's a privacy regression in addition to being brittle. Option 2 seems fairly easy. It might mean that the browser can avoid having to encode into a string for sending to the server. In practice, it isn't any improvement because we recommend that user agents validate the key (which Firefox does). cc @jrconlin @costinm -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/issues/226
Received on Thursday, 24 November 2016 23:47:43 UTC