Push without notifications
On the first day of Indie Web Camp Berlin, I led a session on going offline with service workers. This covered all the usual use-cases: pre-caching; custom offline pages; saving pages for offline reading.
But on the second day, Sebastiaan spent a fair bit of time investigating a more complex use of service workers with the Push API.
The Push API is what makes push notifications possible on the web. There are a lot of moving parts—browser, server, service worker—and, frankly, it’s way over my head. But I’m familiar with the general gist of how it works. Here’s a typical flow:
- A website prompts the user for permission to send push notifications.
- The user grants permission.
- A whole lot of complicated stuff happens behinds the scenes.
- Next time the website publishes something relevant, it fires a push message containing the details of the new URL.
- The user’s service worker receives the push message (even if the site isn’t open).
- The service worker creates a notification linking to the URL, interrupting the user, and generally adding to the weight of information overload.
Here’s what Sebastiaan wanted to investigate: what if that last step weren’t so intrusive? Here’s the alternate flow he wanted to test:
- A website prompts the user for permission to send push notifications.
- The user grants permission.
- A whole lot of complicated stuff happens behinds the scenes.
- Next time the website publishes something relevant, it fires a push message containing the details of the new URL.
- The user’s service worker receives the push message (even if the site isn’t open).
- The service worker fetches the contents of the URL provided in the push message and caches the page. Silently.
It worked.
I think this could be a real game-changer. I don’t know about you, but I’m very, very wary of granting websites the ability to send me push notifications. In fact, I don’t think I’ve ever given a website permission to interrupt me with push notifications.
You’ve seen the annoying permission dialogues, right?
In Firefox, it looks like this:
Will you allow name-of-website to send notifications?
[Not Now] [Allow Notifications]
In Chrome, it’s:
name-of-website wants to
Show notifications
[Block] [Allow]
But in actual fact, these dialogues are asking for permission to do two things:
- Receive messages pushed from the server.
- Display notifications based on those messages.
There’s no way to ask for permission just to do the first part. That’s a shame. While I’m very unwilling to grant permission to be interrupted by intrusive notifications, I’d be more than willing to grant permission to allow a website to silently cache timely content in the background. It would be a more calm technology.
Think of the use cases:
- I grant push permission to a magazine. When the magazine publishes a new article, it’s cached on my device.
- I grant push permission to a podcast. Whenever a new episode is published, it’s cached on my device.
- I grant push permission to a blog. When there’s a new blog post, it’s cached on my device.
Then when I’m on a plane, or in the subway, or in any other situation without a network connection, I could still visit these websites and get content that’s fresh to me. It’s kind of like background sync in reverse.
There’s plenty of opportunity for abuse—the cache could get filled with content. But websites can already do that, and they don’t need to be granted any permissions to do so; just by visiting a website, it can add multiple files to a cache.
So it seems that the reason for the permissions dialogue is all about displaying notifications …not so much about receiving push messages from the server.
I wish there were a way to implement this background-caching pattern without requiring the user to grant permission to a dialogue that contains the word “notification.”
I wonder if the act of adding a site to the home screen could implicitly grant permission to allow use of the Push API without notifications?
In the meantime, the proposal for periodic synchronisation (using background sync) could achieve similar results, but in a less elegant way; periodically polling for new content instead of receiving a push message when new content is published. Also, it requires permission. But at least in this case, the permission dialogue should be more specific, and wouldn’t include the word “notification” anywhere.