This issue exists since the new version 5.1.2.
What I did: Try to send a push message with VAPID, using Chrome 133.
Result: The push-service answered HTTP 403: permission denied: crypto-key header had invalid format. crypto-key header should have the following format: p256ecdsa=base64(publicApplicationServerKey)
Reason: The error disappears when reverting the following change between version 5.1.1 and 5.1.2. in AbstractPushService:
I checked that it can also be solved by replacing Base64.getUrlEncoder().encodeToString(pk) by Base64.getUrlEncoder().withoutPadding().encodeToString(pk).
withoutPadding was simply missed here during the task of replacing Base64Encoder.
By the way: I believe that the constructors of Notification that use Base64.getUrlDecoder() and Utils.loadPublicKey don't work because of the usage of the URL-decoder. The example in https://github.com/web-push-libs/webpush-java/wiki/Usage-Example implements the BASE64-decoding by using Base64.getDecoder() and not Base64.getUrlDecoder().
This issue exists since the new version 5.1.2.
What I did: Try to send a push message with VAPID, using Chrome 133.
Result: The push-service answered HTTP 403:
permission denied: crypto-key header had invalid format. crypto-key header should have the following format: p256ecdsa=base64(publicApplicationServerKey)Reason: The error disappears when reverting the following change between version 5.1.1 and 5.1.2. in
AbstractPushService:I checked that it can also be solved by replacing
Base64.getUrlEncoder().encodeToString(pk)byBase64.getUrlEncoder().withoutPadding().encodeToString(pk).withoutPaddingwas simply missed here during the task of replacingBase64Encoder.By the way: I believe that the constructors of
Notificationthat useBase64.getUrlDecoder()andUtils.loadPublicKeydon't work because of the usage of the URL-decoder. The example in https://github.com/web-push-libs/webpush-java/wiki/Usage-Example implements the BASE64-decoding by usingBase64.getDecoder()and notBase64.getUrlDecoder().