Notifications API can no longer be used on insecure sites

Published: | Categories: DOM, Privacy & Security


As of Firefox 67, the Notifications API requires sites to be served via HTTPS in order to request a permission to display desktop notifications, including push notifications through a service worker. Since the Service Worker API and Push API have always required secure sites, this change only affects traditional use cases of the Notification.requestPermission method, which is currently less than 2% according to Mozilla’s Telemetry. The console logs an error when a request is forbidden. Google Chrome has already done the same change in 62.