Use matrix.org's push gateway by default with UnifiedPush #3185
Description
Your use case
What would you like to do?
Sygnal, the push gateway behind https://matrix.org/_matrix/push/v1/notify supports WebPush. This can be used to push to UnifiedPush endpoints, which is compatible with WebPush
Why would you like to do it?
This avoid relying on an external service (the current push gateway hosted by unifiedpush.org)
This gives E2EE to the notifications which is a good point regarding security
How would you like to achieve it?
- Add a new appId to matrix.org's sygnal config:
- (example) name: im.vector.app.unifiedpush
- type: webpush
- The pusher data have to be updated see (https://github.com/element-hq/hydrogen-web/blob/9b68f30aad329c003ead70ff43f289e293efb8e0/src/platform/web/dom/NotificationService.js#L32).
- Use UnifiedPush's new release of the library (3.0.0-rc2) which does the notifications decryption
- Matrix.org's sygnal may have to be configured to accept all endpoints (which is the goal of webpush). It is not a security issue (SSRF) if the server can't access any internal networks or local services that aren't exposed on the Internet. Else, local IP must be blocked, like synapse does.
- Change the default gateway to use
https://matrix.org/_matrix/push/v1/notify
And it should work.
Note
The discovery request to catch self-hosted gateway is still used and available
Have you considered any alternatives?
A new push kind would be added to matrix specifications to allow webpush, that would bring encrypted push messages in the same time (matrix-org/matrix-spec-proposals#3013)
Additional context
Are you willing to provide a PR?
No