From 4180024b7ebef20e177797419f13dbfacfbf1893 Mon Sep 17 00:00:00 2001
From: Vyr Cossont <VyrCossont@users.noreply.github.com>
Date: Sun, 19 Jan 2025 16:23:11 -0800
Subject: [PATCH] Disallow cleartext HTTP for Web Push servers

---
 internal/api/client/push/pushsubscriptionpost.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/internal/api/client/push/pushsubscriptionpost.go b/internal/api/client/push/pushsubscriptionpost.go
index 96927ec7a..a7e299894 100644
--- a/internal/api/client/push/pushsubscriptionpost.go
+++ b/internal/api/client/push/pushsubscriptionpost.go
@@ -225,8 +225,7 @@ func validateNormalizeCreate(request *apimodel.WebPushSubscriptionCreateRequest)
 	if err != nil {
 		return errors.New("endpoint must be a valid URL")
 	}
-	// TODO: (Vyr) remove http option after testing
-	if endpointURL.Scheme != "https" && endpointURL.Scheme != "http" {
+	if endpointURL.Scheme != "https" {
 		return errors.New("endpoint must be an https:// URL")
 	}
 	if endpointURL.Host == "" {