You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
webpush.Options has a dedicated VapidExpiration field documented as:
VapidExpirationtime.Time// optional expiration for VAPID JWT token (defaults to now + 12 hours)
It was introduced in #45. SendNotificationWithContext passes it into getVAPIDAuthorizationHeader, and in #45, getVAPIDAuthorizationHeader used it when forming the exp claim. However, what looks to have been a faulty merge conflict resolution in #46 seems to have reverted the change in getVAPIDAuthorizationHeader, leaving expiration unused:
webpush.Optionshas a dedicatedVapidExpirationfield documented as:It was introduced in #45.
SendNotificationWithContextpasses it intogetVAPIDAuthorizationHeader, and in #45,getVAPIDAuthorizationHeaderused it when forming theexpclaim. However, what looks to have been a faulty merge conflict resolution in #46 seems to have reverted the change ingetVAPIDAuthorizationHeader, leavingexpirationunused:token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{ - "aud": fmt.Sprintf("%s://%s", subURL.Scheme, subURL.Host), - "exp": expiration.Unix(), - "sub": fmt.Sprintf("mailto:%s", subscriber), + "aud": subURL.Scheme + "://" + subURL.Host, + "exp": time.Now().Add(time.Hour * 12).Unix(), + "sub": "mailto:" + subscriber, })As a result, the VAPID JWT expiration is always now+12 hours, even when explicitly set otherwise.
The text was updated successfully, but these errors were encountered: