Why would it require HTTPS? This is a javascript library that allows you to hook into a native browser function (showing desktop notifications). There are no web services involved.
Why does this require HTTPS? How do I work around this during development?
Service workers require secure origins to ensure that the service worker script is from the intended origin and hasn’t come about from a man-in-the-middle attack. Currently, that means using HTTPS on live sites, though localhost will work during development.
To answer the "how do I work around this during development": non-HTTPS is permitted on localhost (this is at least the case in Chrome). The spec also hints at this (https://w3c.github.io/push-api/#security-and-privacy-conside...). But, as has already been mentioned, this is about desktop notifications and not web push.
So, I think there is some misunderstanding here. What you've linked here are Push notifications, which yes, go through GCM and do require web service calls. This JS library is doing Desktop notifications, which afaik, are an entirely different thing, and are strictly limited to "within the context of the active page."
Presumably grandparent post was paranoid that http websites have some lower status in terms of being able to send notifications. Not a likely scenario, but not an entirely unreasonable question.
The browser push APIs do require HTTPS, since browsers refuse to install service workers otherwise (which is required for them to function...). That said, the demo is hosted over plain HTTP, and seems to work for me (Chrome 50, Linux).
