Re: [w3c/browser-payment-api] The origin restrictions in the PaymentRequest are not nearly strong enough (#332) from Adrian Hope-Bailie on 2016-12-02 (public-webpayments-specs@w3.org from December 2016)

From: Adrian Hope-Bailie <notifications@github.com>
Date: Fri, 02 Dec 2016 01:43:52 -0800
To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Message-ID: <w3c/browser-payment-api/issues/332/264413919@github.com>

> Because it allows B to trigger payment requests from A by when A might not expect it to.

I disagree. Both contexts from origin A (the top-level and innermost contexts) can trigger payment requests but the other context (with origin B) cannot.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/332#issuecomment-264413919

Received on Friday, 2 December 2016 09:44:56 UTC