I switched from gcm to vapid about a week ago following the instructions on the html5 push notifications component page. It seemed to work fine until this morning when I started to receive a message that the push failed with a 403 forbidden error
Had anyone else seen this? I’m at loss where to look, I haven’t changed anything apart from following the migration instructions.
Are you using Nginx as a Proxy?
And when you say it was working till this morning, what changed? Did the machine your HASS is running off of reboot? Did the computer you were getting HTML5 notifications reboot? Did the router reboot? What changed?
Yes, I use nginx for reverse proxy, but that isn’t new. I don’t believe the router or the docker host (QNAP TS-451+ running Container Station) was rebooted. There is a pending firmware update, but I haven’t updated yet.
Thanks for the link to the documentation, I hadn’t seen that. I’ll check my nginx config.
Same problem here. Entered the public, private, and email field. Registered my PC (Firefox) and phone (Android) and sent a test message. My PC received the notification directly, while it also gave a 403 error from Google (my phone).
I’ve migrated from FCM to Vapid, and since my PC received it I assume all is good on my end. I have no reverse proxy or whatever.
In the Google Cloud Console (not Firebase Console), search the Library for fcm and make sure the Firebase Messaging API is enabled. I saw that in another form as something to try, but it didn’t help in my case.
Sorry to steal your thread, but where do I do that? I would assume that because I have generated the private and public FCM keys I would be good to go? Don’t see a place to enable or disable it in settings.
Unfortunately, changing the nginx config didn’t help.
I have exactly the same problem. I am new to Home Assistant. I’ve setup push notifications this morning with the vapid settings. I’ve received push notifications on my Android phone. After a reboot of HASS.IO it suddenly stopped working. I don’t know how to solve this.
Sat Apr 13 2019 15:53:33 GMT+0200 (CEST)
Push failed: <Response [403]>:
Error 403 (Forbidden)!!1 *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/logos/errorpage/error_logo-150x54.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/logos/errorpage/error_logo-150x54-2x.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/logos/errorpage/error_logo-150x54-2x.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/logos/errorpage/error_logo-150x54-2x.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}403. That’s an error.
That’s all we know. Traceback (most recent call last): File "/usr/local/lib/python3.7/site-packages/homeassistant/components/websocket_api/commands.py", line 122, in handle_call_service connection.context(msg)) File "/usr/local/lib/python3.7/site-packages/homeassistant/core.py", line 1138, in async_call self._execute_service(handler, service_call)) File "/usr/local/lib/python3.7/site-packages/homeassistant/core.py", line 1160, in _execute_service await handler.func(service_call) File "/usr/local/lib/python3.7/site-packages/homeassistant/components/notify/__init__.py", line 117, in async_notify_message await notify_service.async_send_message(**kwargs) File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, **self.kwargs) File "/usr/local/lib/python3.7/site-packages/homeassistant/components/html5/notify.py", line 467, in send_message self._push_message(payload, **kwargs) File "/usr/local/lib/python3.7/site-packages/homeassistant/components/html5/notify.py", line 504, in _push_message vapid_claims=self._vapid_claims File "/usr/local/lib/python3.7/site-packages/pywebpush/__init__.py", line 384, in webpush result, result.text))
That’s the same message I’m getting. It doesn’t seem to be callback related or because of nginx as I an able to call manually and I get 405 method not found instead of 403.
It seems like it’s an error from Google and not the callback.
edit: I’ve switched back to gcm and everything is working again. It’s definitely a problem with fcm.
I found this in the Google developer documentation for VAPID . Not sure if it’s relevant.
Reality of these changes
With VAPID you no longer need to sign up for an account with GCM to use push in Chrome and you can use the same code path for subscribing a user and sending a message to a user in both Chrome and Firefox. Both are following the standards.
What you need to bear in mind is that in Chrome 51 and before, Opera for Android and Samsung browser you’ll still need to define the
gcm_sender_idin your web app manifest and you’ll need to add the Authorization header to the FCM endpoint that will be returned.VAPID provides an off ramp from these proprietary requirements. If you implement VAPID it’ll work in all browsers that support web push. As more browsers support VAPID you can decide when to drop the
gcm_sender_idfrom your manifest.
Thanks but that doesn’t work.
Switching back to GCM works perfectly like in your case as well.
Android/Chrome doesn’t work while Firefox works great!
Hello everyone, I’m very new to this, I’m with hassio 0.91.3, I recently installed the nginx addon but now I have problems with html5 notifications (sometimes it notifies, sometimes not), reading the documentation I see that you have to add a new one rule to solve it, but I have no idea where to add the code:
location /api/notify.html5/callback {
if ($ http_authorization = “”) {return 403; }
allow all;
proxy_pass http: // localhost: 8123;
proxy_set_header Host $ host;
proxy_redirect http: // https: //;
}
someone who can help me? a greeting and thanks
I’m not entirely familiar with the nginx hassio add-on because I run it in it’s own container. I put the rule in the default.conf file inside of the server section:
server {
server_name blah.dyndns.org;
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /ssl/fullchain.pem;
ssl_certificate_key /ssl//privkey.pem;
proxy_buffering off;
location / {
proxy_pass http://localhost:8123;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location /api/notify.html5/callback {
allow all;
proxy_pass http://localhost:8123;
proxy_set_header Host $host;
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_redirect http:// https://;
}
}
Thanks for answer bro
I’m having the same issues, suddenly the html5 notify service stops working. I played with it last weekend and got it working again, but now it’s off again. Didn’t really do anything special to fix it either, so this vapid seems unreliably integrated into HA…
Same problem for me.
403. That’s an error.
That’s all we know.
There seems to be a lot of issues open for various problems on github, but its not the same as here: https://github.com/home-assistant/home-assistant/issues?q=is%3Aissue+html5+is%3Aopen
Also the nginx stuff is only relevant if you have a htpasswd/http basic passwd setup on your Reverse Proxy. ie. You are using nginx to auth as well as HASS Auth, etc. It is not relevant to the OP issue (IMO). I have ensured that this is true because my nginx logs have no requests from google apis when I get the error in HASS.
I am finding when I restart HASS it works for a few notifications and then after a while it stops working:
2019-04-30 20:01:35 ERROR (MainThread) [homeassistant.core] Error executing service <ServiceCall notify.html5_push (c:59aaf0c2ea15456692a2a481c24066b0): target=['phone_browser', 'laptop_browser'], message=<homeassistant.helpers.template.Template object at 0x56eacf30>, title=<homeassistant.helpers.template.Template object at 0x56eac630>>
Traceback (most recent call last):
File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/core.py", line 1147, in _safe_execute
await self._execute_service(handler, service_call)
File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/core.py", line 1160, in _execute_service
await handler.func(service_call)
File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/components/notify/__init__.py", line 112, in async_notify_message
await notify_service.async_send_message(**kwargs)
File "/usr/lib/python3.5/asyncio/futures.py", line 380, in __iter__
yield self # This tells Task to wait for completion.
File "/usr/lib/python3.5/asyncio/tasks.py", line 304, in _wakeup
future.result()
File "/usr/lib/python3.5/asyncio/futures.py", line 293, in result
raise self._exception
File "/usr/lib/python3.5/concurrent/futures/thread.py", line 55, in run
result = self.fn(*self.args, **self.kwargs)
File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/components/html5/notify.py", line 458, in send_message
self._push_message(payload, **kwargs)
File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/components/html5/notify.py", line 495, in _push_message
vapid_claims=self._vapid_claims
File "/srv/homeassistant/lib/python3.5/site-packages/pywebpush/__init__.py", line 428, in webpush
response=response)
pywebpush.WebPushException: WebPushException: Push failed: 403 Forbidden
To me it looks like it is not authenticating to Google properly on send.
I have dug some more into this; I found the library/API from google; https://developers.google.com/web/ilt/pwa/introduction-to-push-notifications#using_vapid
wrote a little nodejs script as per their example:
var webPush = require('web-push');
var pushSubscription = { "endpoint": "https://fcm.googleapis.com/fcm/send/cAsWltir...JjK58q5xqpM9ehlJdJ4vIpewrnCLrZ0aHGe....HRmY7Z7wG92gLQWzOXi8JBra8hXz", "expirationTime": null, "keys": { "auth": "fwquE6...4GQ", "p256dh": "BPCjeniAj4XIE58...E5jCYhgvsKV-A0RMVZyjLCPj216BnyLwj88o" } };
var vapidPublicKey = 'BE....bb4SJgG43FabWkmR_gXJheF7LxgfdshOmFQ';
var vapidPrivateKey = 'VCgM....xOTrmyLw';
var payload = 'Here is a payload!';
var options = {
vapidDetails: {
subject: 'mailto:[email protected]',
publicKey: vapidPublicKey,
privateKey: vapidPrivateKey
},
TTL: 60
};
webPush.sendNotification(
pushSubscription,
payload,
options
).then(function (res) {
// console.log of stuff
})
.catch(function(error){
console.log(error);
process.exit(1);
});
and received the following response:
# node test.js
{ WebPushError: Received unexpected response code
at IncomingMessage.<anonymous> (/node_modules/web-push/src/web-push-lib.js:317:20)
at IncomingMessage.emit (events.js:194:15)
at endReadableNT (_stream_readable.js:1125:12)
at process._tickCallback (internal/process/next_tick.js:63:19)
name: 'WebPushError',
message: 'Received unexpected response code',
statusCode: 403,
headers:
{ 'content-length': '1449',
'content-type': 'text/html; charset=utf-8',
'x-content-type-options': 'nosniff',
'x-frame-options': 'SAMEORIGIN',
'x-xss-protection': '1; mode=block',
date: 'Tue, 30 Apr 2019 11:00:23 GMT',
'alt-svc': 'quic=":443"; ma=2592000; v="46,44,43,39"',
connection: 'close' },
body:
'\n<!DOCTYPE html>\n<html lang=en>\n <meta charset=utf-8>\n <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">\n <title>Error 403 (Forbidden)!!1</title>\n <style>\n *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/logos/errorpage/error_logo-150x54.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/logos/errorpage/error_logo-150x54-2x.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/logos/errorpage/error_logo-150x54-2x.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/logos/errorpage/error_logo-150x54-2x.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}\n </style>\n <a href=//www.google.com/><span id=logo aria-label=Google></span></a>\n <p><b>403.</b> <ins>That’s an error.</ins>\n <p> <ins>That’s all we know.</ins>\n',
endpoint:
'https://fcm.googleapis.com/fcm/send/cAsW....8JBra8hXz' }
so it seems there are problems with my keys? I will try regenerating them all and get back to this thread.
Ok, so!!!
Following these instructions
With the domain verified, go to https://console.firebase.google.com, select import Google project and select the project you created.
Then, click the cogwheel on top left and select “Project settings”.
Select ‘Cloud Messaging’ tab.
Generate a new key pair under the Web configuration listing at the bottom of the page. To view the private key click the three dots to the right and ‘Show private key’.
from the notification docs, I created a new key pair… and they work. I will see if they continue to work over the next few days.