Search…
Configuration
VAPID Support
To enable the VAPID header feature, you must install a JWS Provider (see installation) and configure it with your public and private key (see this page to create these keys)
config/packages/webpush.yaml
1
webpush:
2
vapid:
3
enabled: true # Enable the feature
4
subject: 'https://my-service.com:8000' # An URL or an email address
5
web_token:
6
enabled: true # We use web-token in this example
7
public_key: 'BB4W1qfBi7MF_Lnrc6i2oL-glAuKF4kevy9T0k2vyKV4qvuBrN3T6o9-7-NR3mKHwzDXzD3fe7XvIqIU1iADpGQ'
8
private_key: 'C40jLFSa5UWxstkFvdwzT3eHONE2FIJSEsVIncSCAqU'
Copied!
When using
lcobucci/jwt, the configuration is very similar.config/packages/webpush.yaml
1
webpush:
2
vapid:
3
enabled: true
4
subject: 'https://my-service.com:8000'
5
lcobucci:
6
enabled: true # We use web-token in this example
7
public_key: 'BB4W1qfBi7MF_Lnrc6i2oL-glAuKF4kevy9T0k2vyKV4qvuBrN3T6o9-7-NR3mKHwzDXzD3fe7XvIqIU1iADpGQ'
8
private_key: 'C40jLFSa5UWxstkFvdwzT3eHONE2FIJSEsVIncSCAqU'
Copied!
You cannot enable both
web-token and lcobucci/jwt at the same timeToken Lifetime
By default, the library generates VAPID headers that are valid for 1 hour. You can change this value if needed. The parameter requires a relative string as showed in the PHP documentation.
config/packages/webpush.yaml
1
webpush:
2
vapid:
3
enabled: true
4
token_lifetime: 'now +2 hours'
Copied!
The token lifetime should not be greater than 24 hours. Most of the Web Push Services will reject such long-life tokens
Payload Support
Padding
To obfuscate the real length of the notifications, messages can be padded before encryption. This operation consists in the concatenation of your message and arbitrary data in front of it. When encrypted, the messages will have the same size which reduces attacks.
By default, the padding is set to
recommended i.e. ~3k bytes.Acceptable values for this parameter are:
none: no paddingrecommended: default valuemax: see warning below- an integer: should be between
0and4078or3993forAESGCMandAES128GCMrespectively
config/packages/webpush.yaml
1
webpush:
2
payload:
3
aesgcm:
4
padding: 'none' # "none", "recommended", "max" or an integer (0 to 4078)
5
aes128gcm:
6
padding: 'none' # "none", "recommended", "max" or an integer (0 to 3993)
Copied!
Please don't use "
none" unless your are sending notifications in a development environment.The value "
max" increases the integrity protection of the messages, but there are known issues on Android and notification are not correctly delivered.Caching
The notifications may have a payload. This payload is encrypted on server side and, during this process, a random key is generated.
The creation of this random key takes approximately 150ms and can impact your server performance when sending thousand of notifications at once.
To reduce the impact on your server, you can enable the caching feature and reuse the encryption key for a defined period of time.
As encryption keys will be stored in the cache, you should make sure the cache is not shared otherwise you may have a security issue.
This parameter requires a PSR-6 Cache compatible service. If you set
Psr\Log\CacheItemPoolInterface, the default Symfony cache will be used.config/packages/webpush.yaml
1
webpush:
2
payload:
3
aesgcm:
4
cache: Psr\Cache\CacheItemPoolInterface
5
cache_lifetime: '+1 hour' #Default: now +30min
6
aes128gcm:
7
cache: Psr\Cache\CacheItemPoolInterface
8
cache_lifetime: '+1 hour' #Default: now +30min
Copied!
You can see the impact of this feature on the CI/CD Pipelines of this library. Go the https://github.com/Spomky-Labs/web-push/actions?query=workflow%3ABenchmark and find a summary table displayed at the end of each test.
Debugging
If you have troubles sending notifications, you can log some messages from the libray. To do so, you just have to set the parameter logger in the configuration.
This parameter requires a PSR-3 logger. If you set
Psr\Log\LoggerInterface, the Symfony logger will be used (PSR-3 copmpatible).config/packages/webpush.yaml
1
webpush:
2
logger: Psr\Log\LoggerInterface
Copied!
Export as PDF
Copy link