Version: 52.0.2743.116 / 54.0.2831.0 canary
OS: OS X

What steps will reproduce the problem?

(1) Call pushManager.subscribe() *without* providing an applicationServerKey.
  - A https://android.googleapis.com/gcm/send endpoint is returned in the subscription info.
(2) Without unsubscribing, call pushManager.subscribe() *with* applicationServerKey.
  - A https://fcm.googleapis.com/fcm/send endpoint is returned in the subscription info. It does not appear to be possible to send messages to the client using these subscription details.

What is the expected output?

Messages can be sent to the client using the "upgraded" subscription details. The old subscription is either destroyed, or can be used in conjunction with the new one.

What do you see instead?

Messages cannot be sent to the client; the error is HTTP/1.1 400 UnauthorizedRegistration. (See below.) The old subscription can still be used.

A few more notes:

- If the initial subscribe() call includes applicationServerKey, the messages can be sent to the client. The problem only occurs when upgrading (or downgrading).
- If the client unsubscribes between (1) and (2), the subscription information received in (2) can be used to send messages.
- In Firefox, the pushManager.subscribe() of (2) fails with "A subscription with a different application server key already exists."
- With this behavior, it seems the only way to upgrade a client (Chrome or FF) from a subscription initialized without applicationServerKey (GCM?) to one with is via periodic speculative unsubscribing and re-subscribing, which is inconvenient.

$ echo -ne '\x40\x0c\x50\xc7\xbd\x1c\xeb\x41\xb6\x56\xfb\xd5\x5e\x33\xc1\x9b\x99\x53\xc4\x11\xc2\xaa\x1b\xc4\x72\x52\x54\xb6\x66\x7d' | curl -v -H 'Content-Type: application/octet-stream' -H 'Content-Encoding: aesgcm' -H 'Encryption: keyid=p256dh;salt=Za4cXS3x4Fu_v6Oc-YB6sA' -H 'Crypto-Key: keyid=p256dh;dh=BD6raYLqPC9nut4l4ZRJ9nScdH7aCtKbPaPKOidBrGnoMcbYQ2bKZblEQlfU1oVnS1JdWIVq4avs-wEp4nmf9Gk;p256ecdsa=BEWnbW1JD6mZjLNUWnoqB4kwCkISACYZ_Hpmn1awLYLT_j90Y_enfiC7cT7hUSRiNwLOYVrC4ro5QRcRYpEJ5iI' -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJodHRwczovL2ZjbS5nb29nbGVhcGlzLmNvbSIsImV4cCI6MTQ3MTYwOTkxNywic3ViIjoiaHR0cHM6Ly9naXRodWIuY29tL3dlYi1wdXNoLWxpYnMvd2ViLXB1c2gifQ.huCU0t0gRGgy0I-fVW_BU6qA5kxOxoncJqhKW7tHoIVTExAr9ZqNvw3ZtAptEHha5i0WJLGuYIwpLq_ZQfhpLA' -H 'TTL: 2419200' -H 'Content-Length: 30' 'https://fcm.googleapis.com/fcm/send/eMdyo2AM-Dc:APA91bGRu7cUM8XIKHKOYXlg7mOq9TGEbNF6C_wH6jTi0tzPe6T7rSpJIlcDKniu5vZnIqj9so_lQHCeschNkDnx2nuU2FdNWKnFOxK94WJNd5WiiuURe2v_vegecQSOLBMzVm5jdyJ8' --data-binary @-
* Hostname was NOT found in DNS cache
*   Trying 2a00:1450:400c:c01::5f...
* Connected to fcm.googleapis.com (2a00:1450:400c:c01::5f) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* 	 subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=*.googleapis.com
* 	 start date: 2016-08-10 18:12:00 GMT
* 	 expire date: 2016-11-02 18:12:00 GMT
* 	 subjectAltName: fcm.googleapis.com matched
* 	 issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
* 	 SSL certificate verify ok.
> POST /fcm/send/eMdyo2AM-Dc:APA91bGRu7cUM8XIKHKOYXlg7mOq9TGEbNF6C_wH6jTi0tzPe6T7rSpJIlcDKniu5vZnIqj9so_lQHCeschNkDnx2nuU2FdNWKnFOxK94WJNd5WiiuURe2v_vegecQSOLBMzVm5jdyJ8 HTTP/1.1
> User-Agent: curl/7.35.0
> Host: fcm.googleapis.com
> Accept: */*
> Content-Type: application/octet-stream
> Content-Encoding: aesgcm
> Encryption: keyid=p256dh;salt=Za4cXS3x4Fu_v6Oc-YB6sA
> Crypto-Key: keyid=p256dh;dh=BD6raYLqPC9nut4l4ZRJ9nScdH7aCtKbPaPKOidBrGnoMcbYQ2bKZblEQlfU1oVnS1JdWIVq4avs-wEp4nmf9Gk;p256ecdsa=BEWnbW1JD6mZjLNUWnoqB4kwCkISACYZ_Hpmn1awLYLT_j90Y_enfiC7cT7hUSRiNwLOYVrC4ro5QRcRYpEJ5iI
> Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJodHRwczovL2ZjbS5nb29nbGVhcGlzLmNvbSIsImV4cCI6MTQ3MTYwOTkxNywic3ViIjoiaHR0cHM6Ly9naXRodWIuY29tL3dlYi1wdXNoLWxpYnMvd2ViLXB1c2gifQ.huCU0t0gRGgy0I-fVW_BU6qA5kxOxoncJqhKW7tHoIVTExAr9ZqNvw3ZtAptEHha5i0WJLGuYIwpLq_ZQfhpLA
> TTL: 2419200
> Content-Length: 30
> 
* upload completely sent off: 30 out of 30 bytes
< HTTP/1.1 400 UnauthorizedRegistration
< Content-Type: text/html; charset=UTF-8
< Date: Thu, 18 Aug 2016 12:32:40 GMT
< Expires: Thu, 18 Aug 2016 12:32:40 GMT
< Cache-Control: private, max-age=0
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
* Server GSE is not blacklisted
< Server: GSE
< Alternate-Protocol: 443:quic
< Alt-Svc: quic=":443"; ma=2592000; v="35,34,33,32,31,30"
< Accept-Ranges: none
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
< 
<HTML>
<HEAD>
<TITLE>UnauthorizedRegistration</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>UnauthorizedRegistration</H1>
<H2>Error 400</H2>
</BODY>
</HTML>
* Connection #0 to host fcm.googleapis.com left intact