- From: adamroach <notifications@github.com>
- Date: Sun, 18 Sep 2016 06:25:04 -0700
- To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
- Message-ID: <w3c/browser-payment-api/pull/268/c247847552@github.com>

@halindrome

> @adamroach do you mean the sandbox attribute? allow-payment would be a sensible additional value for that attribute.

No, I mean the syntax demonstrated in this comment: https://github.com/w3c/browser-payment-api/issues/2#issuecomment-228463359 (where I also describe why Mozilla's security folks are not okay with using sandbox for this kind of thing).

The conversation from there consisted of @zkoch calling the suggestion "great", and then (after consulting with his security team) pointing to the Feature Policy work, which *currently* defers to [the Permission Delegation API](https://noncombatant.github.io/permission-delegation-api/) -- see [its examples section](https://noncombatant.github.io/permission-delegation-api/#examples) for a quick glance at how this works; but the syntax it shows is in line with what I proposed. I understand that the Feature Policy document and the Permission Delegation document may be merged, but my understanding is that this is a document structure change with no protocol implications.

As far as I know, that's the extent of the discussion on this topic, which is why I find the changes that were just merged in to be surprising.

Received on Sunday, 18 September 2016 13:25:39 UTC