- From: Kagami Sascha Rosylight <notifications@github.com>
- Date: Mon, 24 Nov 2025 04:46:08 -0800
- To: w3c/push-api <push-api@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/push-api/pull/413/review/3499903640@github.com>
@saschanaz approved this pull request.
LGTM, Gecko will need to move the permission check after the key validation, and I assume others already do that?
> - following checks in different order (e.g., some check if
- {{PushSubscriptionOptionsInit/userVisibleOnly}} is allowed after validating the
- {{PushSubscriptionOptionsInit/applicationServerKey}}, and vice versa). However, we
- don't believe this affects interoperability of implementations or web applications.
- </p><!-- This doesn't really seem acceptable this day and age. -->
- </aside>
+ <li>If |scope| is failure or is a [=/URL=] whose [=url/scheme=] is not "`https`", then
+ [=queue a global task=] on the [=networking task source=] using |global| to [=reject=]
+ |promise| with a {{"NotAllowedError"}} {{DOMException}} and terminate these steps.
+ </li>
+ <li>If |options|["{{PushSubscriptionOptionsInit/userVisibleOnly}}"] is false and the user
+ agent requires it to be true, then [=queue a global task=] on the [=networking task
+ source=] using |global| to [=reject=] |promise| with a {{"NotAllowedError"}}
+ {{DOMException}} and terminate these steps.
+ </li>
+ <li>If |options|["{{PushSubscriptionOptionsInit/applicationServerKey}}"] is not non-null
Can we say "is null"?
--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/pull/413#pullrequestreview-3499903640
You are receiving this because you are subscribed to this thread.
Message ID: <w3c/push-api/pull/413/review/3499903640@github.com>
Received on Monday, 24 November 2025 12:46:12 UTC