- From: Marco Colli <notifications@github.com>
- Date: Fri, 02 Dec 2022 01:34:01 -0800
- To: w3c/push-api <push-api@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/push-api/issues/357@github.com>
When a push subscription is refreshed, I assume that the new push subscription is a completely different object, with different endpoint and different keys. Having a guarantee that all subscription fields (endpoint and keys) are immutable, allows an application server that stores the subscriptions in a database to mark the fields as immutable and thus protect the integrity of subscriptions. I think that the behavior is already correct in the browsers (do you confirm?). However, you need to clarify the sentence in the standard to make it more explicit: https://www.w3.org/TR/push-api/#subscription-refreshes > When this happens, the [user agent](https://www.w3.org/TR/push-api/#dfn-user-agent) MUST run the steps to [create a push subscription](https://www.w3.org/TR/push-api/#dfn-create-a-push-subscription) given the [PushSubscriptionOptions](https://www.w3.org/TR/push-api/#dom-pushsubscriptionoptions) that were provided for creating the current [push subscription](https://www.w3.org/TR/push-api/#dfn-push-subscription). The new [push subscription](https://www.w3.org/TR/push-api/#dfn-push-subscription) MUST have **[[an endpoint and a key pair that are]]** different from the original subscription. **[[Bold]]** is mine, it's the change. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/issues/357 You are receiving this because you are subscribed to this thread. Message ID: <w3c/push-api/issues/357@github.com>
Received on Friday, 2 December 2022 09:34:13 UTC