Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sending web push to APNs (https://web.push.apple.com) responds with 403 Forbidden #207

Open
rsdickerson opened this issue Jan 15, 2024 · 5 comments

Comments

@rsdickerson
Copy link

Has anyone got web push working with iOS Safari (w/PWA)?

I posted the following on StackOverflow, but got no response.

We can send web push from java server to PWA on Android/Chrome works fine, but sending to PWA on iPhone/Safari fails with 403 Forbidden.

Works fine on Android phone

  • PWA gets installed on Android phone via Chrome
  • User clicks Subscribe button in app and grants permission
  • App gets Subscription using server's VAPID public key
  • PWA sends Subscription (endpoint, keys) to server
  • Server sends web push to subscription endpoint (https://fcm.googleapis.com/fcm/send/...)
  • FCM responds with 201 Created
  • PWA service worker gets the "push" event and shows the notification

Request to fcm.googleapis.com

url:https://fcm.googleapis.com/wp/evZRV...IeBQGGaRfGK
Authorization=vapid t=eyJ0eXAiOi...o2jHfWJGw, k=BHBlZKwyYa...SclQckMDxE
Content-Encoding=aes128gcm
TTL=2419200
Crypto-Key=p256ecds...lQckMDxE=
Content-Type=application/octet-stream
method:POST
protocol version:HTTP/1.1
entity:[Content-Length: 219,Chunked: false]

Response

statusline:HTTP/1.1 201 Created
Location=https://fcm.googleapis.com/0:1705097911549557%0f493ae6f9fd7ecd
X-Content-Type-Options=nosniff
X-Frame-Options=SAMEORIGIN
X-Xss-Protection=0
Date=Fri, 12 Jan 2024 22:18:31 GMT
Content-Length=0
Content-Type=text/html; charset=UTF-8
Alt-Svc=h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
protocol version:HTTP/1.1
entity:[Content-Type: text/html; charset=UTF-8,Content-Length: 0,Chunked: false]

Fails on iPhone

  • PWA gets installed on iPhone via Safari
  • User clicks Subscribe button in app and grants permission
  • App gets Subscription using server's VAPID public key
  • PWA sends Subscription (endpoint, keys) to server
  • Server sends web push to subscription endpoint (https://web.push.apple.com/...)
  • FCM responds with 403 Forbidden
  • PWA service worker never gets the "push" event

Request to web.push.apple.com

url:https://web.push.apple.com/QPU8aHza...q44-RonI
Authorization=vapid t=eyJ0eXAiO...DKVX7h5g, k=BHBlZKwy...QckMDxE
Content-Encoding=aes128gcm
TTL=2419200
Crypto-Key=p256ecdsa=BHBlZKwy...clQckMDxE=
Content-Type=application/octet-stream
method:POST
protocol version:HTTP/1.1
entity:[Content-Length: 219,Chunked: false]

Response

statusline:HTTP/1.1 403 Forbidden
content-type=text/plain; charset=UTF-8
apns-id=3597065D-3C81-ED1D-A56C-E5CED97D3BC1
protocol version:HTTP/1.1
entity:org.apache.http.client.entity.DecompressingEntity@6cbc2aee

I'm using the webpush-java library to prepare the web push request. Here's the send code:

JSONObject json = new JSONObject();

json.put("title", "Hello");

json.put("body", "This is a test.");

json.put("sub","mailto:myemail@mycompany.com");

PushService pushService = new PushService(publicKey, privateKey);
Notification notification = new Notification(subscription, json);

HttpPost httppost = pushService.preparePost(notification, Encoding.AES128GCM);

HttpClient httpclient = HttpClients.createDefault();

HttpResponse response = httpclient.execute(httppost);


Any help would be greatly appreciated.

@rsdickerson
Copy link
Author

@charleshope
Copy link

It seems to me that your usage of the library is non-standard. Why bother creating your own Http objects? Maybe try following the simpler usage in the example code?

@krissvaa
Copy link

Seems to be related to this:
#201 (comment)

@don41382
Copy link

Thanks for the link @krissvaa to the comment. By adding a subject to the PushService it works 🥳 :

PushService(
    "publicKey",
    "privateKey",
    "mailto:example@mail.com",
)

@rsdickerson
Copy link
Author

Dang. My bad. I should have updated you on how I got it working. Yes, adding the subject got it going.

The docs on the webpush-java library don't show this way of instantiating the PushService. I did find it clearly shown on webpush.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants