Web push notifications from iframe

Is it possible to subscribe the users to web push notifications from an iframe?

The short answer is NO.

Browsers want to make it clear to the users which website (domain) is asking the permission to display notifications.

For this reason all the browsers, including Chrome and Firefox, require that the website asks for permission from the top-level window. This avoids confusion and improves the user experience, security and privacy.

In case of need, you can use some workarounds to use a top-level window from an iframe:

  • open a new top level window from the iframe (e.g. target="_blank")
  • redirect the top level window (e.g. target="_top")
  • post a message from the iframe to the top level window (e.g. postMessage()).

You can also find useful information in the official documentation of Firefox and Chrome:

You can no longer allow notification permissions to be requested from cross-origin <iframe>s.

MDN: Using the Notifications API

To summarize: permission can only be requested from a top-level frame belonging to a secure origin (i.e. https). Once permission has been granted, we don’t care whether the APIs used from a top-level frame or an iframe.

Chromium Issue 430496: Disallow Push API in iframes

Leave a Comment