Three-Layer Push Notification Bug Traced to CSP, False Delivery Signal, and Ghost Worker
A developer spent nearly 90 minutes overnight diagnosing why push notifications sent via OneSignal never reached users, despite the admin panel showing them as successfully sent. The first issue was a Content Security Policy header blocking a script OneSignal needed to complete subscription setup, which was only visible through raw network requests rather than the UI. The second problem stemmed from the code treating message creation — confirmed by an API response and ID — as proof of delivery, when OneSignal's newer API does not include a recipient count in that initial response. A third, harder-to-find cause was a leftover default service worker file sitting alongside the custom one, meaning some browsers had registered the old file and were not receiving push events even after the new worker was deployed. Each layer appeared to function correctly in isolation, making the combined failure invisible until each system was examined independently.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)
Log in to join the discussion and vote.
Log in