Refactor WebPushSubscription logic to streamline subscription creation

Fix CSRF token handling and update fetch URL for push subscription
Fix fetch URL in push notification subscription to include leading slash
2026-01-31 18:05:10 +05:30 · 2026-01-31 18:04:26 +05:30 · 2026-01-31 18:01:42 +05:30
2 changed files with 20 additions and 20 deletions
--- a/resources/views/filament/pages/notification-settings.blade.php
+++ b/resources/views/filament/pages/notification-settings.blade.php
@@ -42,7 +42,7 @@

    <script>
        const vapidKey = "{{ config('webpush.vapid.public_key') }}";
-        // const csrfToken = "{{ csrf_token() }}";
+        const csrfToken = "{{ csrf_token() }}";

        async function registerPush() {
            if (!('serviceWorker' in navigator)) return;
@@ -57,11 +57,11 @@
                applicationServerKey: vapidKey
            });

-            await fetch('api/push/subscribe', {
+            await fetch('/push/subscribe', {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/json',
-                    // 'X-CSRF-TOKEN': csrfToken
+                    'X-CSRF-TOKEN': csrfToken
                },
                body: JSON.stringify(subscription)
            });
--- a/routes/web.php
+++ b/routes/web.php
@@ -58,30 +58,30 @@ use App\Http\Livewire\CustomLogin;
        'keys.auth' => 'required|string',
    ]);

-    // WebPushSubscription::updateOrCreate(
-    //     ['endpoint' => $request->endpoint],
-    //     [
-    //         'subscribable_type' => get_class($user),
-    //         'subscribable_id'   => $user->id,
-    //         'public_key'        => $request->keys['p256dh'],
-    //         'auth_token'        => $request->keys['auth'],
-    //         'content_encoding'  => $request->contentEncoding ?? 'aesgcm',
-    //     ]
-    // );
-
    WebPushSubscription::updateOrCreate(
+        ['endpoint' => $request->endpoint],
        [
-            'endpoint'          => $request->endpoint,
            'subscribable_type' => get_class($user),
            'subscribable_id'   => $user->id,
-        ],
-        [
-            'public_key'       => $request->keys['p256dh'],
-            'auth_token'       => $request->keys['auth'],
-            'content_encoding' => $request->contentEncoding ?? 'aesgcm',
+            'public_key'        => $request->keys['p256dh'],
+            'auth_token'        => $request->keys['auth'],
+            'content_encoding'  => $request->contentEncoding ?? 'aesgcm',
        ]
    );

+    // WebPushSubscription::updateOrCreate(
+    //     [
+    //         'endpoint'          => $request->endpoint,
+    //         'subscribable_type' => get_class($user),
+    //         'subscribable_id'   => $user->id,
+    //     ],
+    //     [
+    //         'public_key'       => $request->keys['p256dh'],
+    //         'auth_token'       => $request->keys['auth'],
+    //         'content_encoding' => $request->contentEncoding ?? 'aesgcm',
+    //     ]
+    // );
+

    return response()->json(['success' => true]);
 });
Author	SHA1	Message	Date
dhanabalan	4a796a670a	Refactor WebPushSubscription logic to streamline subscription creation Some checks failed Scan for leaked secrets using Kingfisher / kingfisher-secrets-scan (push) Has been cancelled Details Gemini PR Review / Gemini PR Review (pull_request) Has been cancelled Details Scan for leaked secrets using Kingfisher / kingfisher-secrets-scan (pull_request) Has been cancelled Details Laravel Larastan / larastan (pull_request) Has been cancelled Details Laravel Pint / pint (pull_request) Has been cancelled Details	2026-01-31 18:05:10 +05:30
dhanabalan	4577f67d0a	Fix CSRF token handling and update fetch URL for push subscription Some checks failed Scan for leaked secrets using Kingfisher / kingfisher-secrets-scan (push) Has been cancelled Details	2026-01-31 18:04:26 +05:30
dhanabalan	be2151a072	Fix fetch URL in push notification subscription to include leading slash Some checks failed Scan for leaked secrets using Kingfisher / kingfisher-secrets-scan (push) Has been cancelled Details Gemini PR Review / Gemini PR Review (pull_request) Has been cancelled Details Scan for leaked secrets using Kingfisher / kingfisher-secrets-scan (pull_request) Has been cancelled Details Laravel Larastan / larastan (pull_request) Has been cancelled Details Laravel Pint / pint (pull_request) Has been cancelled Details	2026-01-31 18:01:42 +05:30