Chrome v61 Update: How It Impacts Web Push Opt-In for HTTP websites

September 6, 2017 - 3 minutes read

Google Chrome v61Google recently released the Chrome Browser version 61 and the subsequent releases are expected to change the way users opt-in for Web Push notifications on HTTP websites.

What has changed?

As part of this update, Chrome will revoke access to iFrames for asking permissions from HTTP website users.

Why does it matter?

Currently, under 1-Click Opt-in for HTTP sites, users see a Hard Ask through an iFrame on behalf of the configured HTTPs subdomain. Post this, a pop-up appears and auto-closes.

Now, the 1-Click Opt-in will be replaced with a Two Step Opt-in, where the Hard Ask will appear in a New Tab post redirection.

We have accommodated these changes, in a way that doesn’t affect the overall experience for your website users. Rest assured, there will be no disruption in services. We strongly recommend all HTTP sites using 1-Click Opt-In to adopt Two Step Opt-In Approach.

What It Means for HTTP websites

1-Click Opt-In will no longer work on HTTP sites for Chrome v61 and higher. To facilitate the Two Step Opt-In, we recommend you configure the Push Settings in your app. 

If you are already using the Two-Step Opt-In, users will now be asked for permission via a Hard Ask after redirection to a New Tab. There will be no popups that appear and auto-close anymore. This change applies to all browsers and versions.

If you are using Self-Handled approach to Opt-In, users will be shown a Soft Ask at first followed by a Hard Ask that will appear in a New Tab post redirection. Please configure and implement a Soft Ask on your website if you haven’t already. This change applies to all browsers and versions.

The New Tab would auto-close and the user will be taken back to the HTTP website after responding to the Hard Ask.

Here’s an example of the new Two-step Opt-in via a redirection.
google chrome v61

Note: The process of sending Web Push notifications after Opt-In remains the same.

For HTTPS (Secure) Websites

This update has NO implication for HTTPS sites. You continue to use your preferred Opt-In approach (1-Click, Two Step or Self-Handled) to subscribe users and retarget them with web push notifications.

How the Team at Chrome Explains this:

“Permission requests from iframes can confuse users since it is difficult to distinguish between the containing page’s origin and the origin of the iframe that is making the request. When the requests scope is unclear, it is difficult for users to judge whether to grant or deny permission.”

We hope you make the best of the new Two Step Opt-In system in place for HTTP sites. For any queries, feel free to write to us on product@moengage.com.

Tags: