15 changes: 8 additions & 7 deletions notification/method/webpush.php
Expand Up @@ -282,7 +282,7 @@ protected function notify_using_webpush(): void
if (!$report->isSuccess())
{
// Fill array of endpoints to remove if subscription has expired or is permanently gone.
// Library checks for 404/410; we also check for 401 (Unauthorized) and endpoints
// Library checks for 404/410; we also check for 401/403 auth failures and endpoints
// using the .invalid TLD (e.g. permanently-removed.invalid), which per RFC 6761 are
// guaranteed to never resolve and are used as a sentinel for dead subscriptions.
if ($report->isSubscriptionExpired() || $this->is_subscription_unauthorized($report) || $this->is_endpoint_permanently_removed($report->getEndpoint()))
Expand Down Expand Up @@ -384,7 +384,7 @@ public function get_ucp_template_data(helper $controller_helper, form_helper $fo
{
$subscriptions[] = [
'endpoint' => $subscription['endpoint'],
'expirationTime' => (int) $subscription['expiration_time'],
'expirationTime' => max(0, (int) $subscription['expiration_time']) * 1000,
];
}
}
Expand Down Expand Up @@ -500,19 +500,20 @@ protected function set_endpoint_padding(\Minishlink\WebPush\WebPush $web_push, s
}

/**
* Check if subscription push failed with 401 Unauthorized status
* Check if subscription push failed with a permanent authorization error
*
* 401 indicates the push service no longer accepts this subscription,
* typically due to revoked credentials or subscription no longer being valid.
* 401/403 indicate the push service no longer accepts this subscription,
* typically due to revoked credentials, rotated VAPID keys, or the
* subscription no longer being valid for the current credentials.
*
* @param \Minishlink\WebPush\MessageSentReport $report
*
* @return bool True if subscription returned 401 Unauthorized
* @return bool True if subscription returned 401 Unauthorized or 403 Forbidden
*/
protected function is_subscription_unauthorized(\Minishlink\WebPush\MessageSentReport $report): bool
{
$response = $report->getResponse();
return $response && $response->getStatusCode() === 401;
return $response && in_array($response->getStatusCode(), [401, 403], true);
}

/**
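Review bot: Widening `is_subscription_unauthorized()` to 403 means a fault on the site's own side can now delete subscriptions, because the call site in `notify_using_webpush()` treats a true result as grounds for removing the endpoint. Push services generally answer 401/403 for every endpoint when the server's VAPID key pair or signed token is wrong (bad key configuration, clock skew), not only when one subscription is dead, so a single misconfiguration could purge all users' subscriptions in one run. The removal code is outside the visible hunk, so this is inferred from the comment at the call site; if it deletes unconditionally, consider skipping removal when every report in the batch failed with 401/403 and logging the status code instead. At minimum the docblock should record the risk, e.g. `* Note: a site-wide VAPID misconfiguration also yields 401/403; removal is not reversible.`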