Home > Blockchain >  Can a server trust any endpoint url from a web-push subscription?
Can a server trust any endpoint url from a web-push subscription?

Time:02-22

Even if a user is authenticated, there is no assurance that they are not a malicious hacker. How can I validate the push servers from the web push subscription endpoints? Is there a white list of push servers? Is there any other approach to validation? How can I do this in Java?

CodePudding user response:

We maintain and use this whitelist in production, it is still valid:

https://github.com/pushpad/known-push-services

You should connect only to the whitelisted hosts to avoid unexpected behaviors - otherwise a non response, slow response, etc. from malicious servers can degrade your services.

Then when you connect to a known / trusted host you can simply validate the HTTP status code.

Page link:https//www.codepudding.com/Blockchain/310018.html

Prev:How to use non-default Google Service Account credentials with SecretManagerService in Google Cloud
Next:Dereference pointer from unnamed namespace not working
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding