From d378d6d5e8ab45dbeba7c7ac2e2396af50fe3b48 Mon Sep 17 00:00:00 2001 From: Ross Kaffenberger Date: Mon, 29 Jan 2024 21:18:15 -0500 Subject: [PATCH] Update README for subscribing This change updates a long-standing piece of Push Subscription directions in the README which demonstrates setting of the applicationServerKey into a Uint8Array from the decoded raw bytes of the vapid public key. This step is cumbersome and there is a simpler alternative. The Push API docs for the PushSubscriptionOptions interface say of the applicationServerKey: > When provided as a DOMString, the value MUST be encoded using the base64url encoding [RFC7515]. https://www.w3.org/TR/push-api/#dom-pushsubscriptionoptions-applicationserverkey RFC 7515 states that the Base64 url-safe encoding omit the padding characters: > Base64 encoding using the URL- and filename-safe character set defined in Section 5 of RFC 4648 [RFC4648], with all trailing '=' characters omitted https://www.rfc-editor.org/rfc/rfc7515 It turns out the generated vapid public is already Base64 url-safe encoded! However, for historical reasons, Ruby's Base64.urlsafe_encode64 method includes the padding character, "=", incorrectly by default. This behavior exists in the library's current vapid key generation. Therefore, the directions include explicit deletion of the "=" character. For historical discussion of Ruby's encoding issue, see: https://bugs.ruby-lang.org/issues/10740 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 77e6bcb..2f35d88 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ navigator.serviceWorker.register('/service-worker.js') The VAPID public key you generated earlier is made available to the client as a `UInt8Array`. To do this, one way would be to expose the urlsafe-decoded bytes from Ruby to JavaScript when rendering the HTML template. ```javascript -window.vapidPublicKey = new Uint8Array(<%= Base64.urlsafe_decode64(ENV['VAPID_PUBLIC_KEY']).bytes %>); +window.vapidPublicKey = <%= ENV['VAPID_PUBLIC_KEY'].delete('=') %>); ``` Your JavaScript code uses the `pushManager` interface to subscribe to push notifications, passing the VAPID public key to the subscription settings.