XF 2.1 push notifications requires the site to be accessible over HTTPS

[foiovitor]

Anyone now why?

Enabling push notifications requires the site to be accessible over HTTPS.


Server environment:

 

[Kirby]

HTTPS is required to use the Push API. Besides that, every website should use HTTPS anway. It's a de-facto technical requirement for HTTP/2 and a legal requirement for login under GDPR.

 

[Ozzy47]

Anyone now why?

Enabling push notifications requires the site to be accessible over HTTPS.

Chris explained that here:

In addition to this, your site must be running over HTTPS with a valid SSL certificate, and you must have support for the GMP extension.

Unfortunately for reasons beyond our control (read: it's Apple's fault) the list of supported devices/browsers notably exclude Safari on macOS and any iOS-based browser. This functionality is made possible by making use of a number of APIs including the Push API and Notification API which most browsers support already.

 

[foiovitor]

HTTPS is required to use the Push API. Besides that, every website should use HTTPS anway. It's a de-facto technical requirement for HTTP/2 and a legal requirement for login under GDPR.

That site use HTTPS. Look the address at 2nd image

 

[Kirby]

Reverse Proxy?

 

[foiovitor]

Reverse Proxy?

Cloudflare with dedicated SSL certified... Can be the problem?

 

[Kirby]

Yes, absolutely. Most likely the connection to your origin server is not HTTPS and XF can't detect that it is secure from client point of view.

 

[foiovitor]

Yes, absolutely. Most likely the connection to your origin server is not HTTPS and XF can't detect that it is secure from client point of view.

Change from Flexible SSL to Full SSL at Cloudflare Crypto Dashboard and push are working now! So simply

Flexible SSL: You cannot configure HTTPS support on your origin, even with a certificate that is not valid for your site. Visitors will be able to access your site over HTTPS, but connections to your origin will be made over HTTP.
Full SSL: Your origin supports HTTPS, but the certificate installed does not match your domain or is self-signed. Cloudflare will connect to your origin over HTTPS, but will not validate the certificate.