- From: Adrian Hope-Bailie <notifications@github.com>
- Date: Sun, 20 Nov 2016 04:08:30 -0800
- To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Received on Sunday, 20 November 2016 12:09:27 UTC
Have we considered the security implications of a page that is not in a secure context hosting the payment frame. I can't recall if this is addressed. Because, if I see merchant.com and the page is insecure and has been hijacked so that the iframe is from evil.com then neither the user or the merchant will be able to detect that. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/browser-payment-api/issues/311#issuecomment-261774376
Received on Sunday, 20 November 2016 12:09:27 UTC