Re: [w3c/webpayments] [Payment Request] Should we allow a "polling" mechanism for websites to not invoke the API if there are no enabled methods (#159) from Shane McCarron on 2016-07-12 (public-payments-wg@w3.org from July 2016)

From: Shane McCarron <notifications@github.com>
Date: Tue, 12 Jul 2016 05:03:29 -0700
To: w3c/webpayments <webpayments@noreply.github.com>
Cc: webpayments <public-payments-wg@w3.org>, Comment <comment@noreply.github.com>
Message-ID: <w3c/webpayments/issues/159/232027002@github.com>

@adrianhopebailie said:

> The privacy issue we haven't yet solved is merchants polling the API multiple times with different payment requests to determine what payment methods the user supports. We could conceivably only allow the website to call this once (specifically how this might be done I'm not sure yet)

Well - I expect that various implementations will address this by limiting the frequency with which the PaymentRequest object can be created.  Alternately, we could define the object as a singleton - an object for which there can only be one in any given context.  That plus a frequency limitation would help...  

I don't know that there is a way to express an object as a singleton in WebIDL, but it can obviously be expressed in the prose.  @adrianba what would you think about PaymentRequest being a singleton?

---
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/159#issuecomment-232027002

Received on Tuesday, 12 July 2016 12:12:49 UTC