You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 13, 2023. It is now read-only.
While trying to work out an issue with the Vapid python library, I noted that I am getting a 401 "Request did not validate missing authorization header" when using an RFC VAPID header. This error is generated by autopush.web.webpush.WebPushSubscriptionSchema.extract_subscription() whenever there is any VAPID error, which isn't super helpful.
Unit tests show that this should be working ok. Will need to do some work to remember incantation to get an endpoint I can test against locally and work out what's going on.
The text was updated successfully, but these errors were encountered:
jrconlin
added
the
5
Estimate - l - Moderately complex, will require some effort but clearly defined.
label
Oct 5, 2020
A 401 (Unauthorized) status code might be used if the authentication is absent; a 403 (Forbidden) status code might be used if authentication is invalid.
The potential problem I'm seeing is that some libraries rely on the 403 error code to automatically remove the invalid endpoints. Thus, returning 401 means those users won't get removed, which ends up in multiple failed messages to invalid endpoints hammering the push server. I don't know if it could end up with the publishers being banned but that could be possible as well. This doesn't happen with Chrome Push API though, which indeed returns 403 for those invalid endpoints.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
5Estimate - l - Moderately complex, will require some effort but clearly defined.
While trying to work out an issue with the Vapid python library, I noted that I am getting a 401 "Request did not validate missing authorization header" when using an RFC VAPID header. This error is generated by
autopush.web.webpush.WebPushSubscriptionSchema.extract_subscription()
whenever there is any VAPID error, which isn't super helpful.Unit tests show that this should be working ok. Will need to do some work to remember incantation to get an endpoint I can test against locally and work out what's going on.
The text was updated successfully, but these errors were encountered: