Re: [w3c/payment-handler] Return null after the window is opened instead of reject with 'SecurityError' (#202) from Rouslan Solomakhin on 2017-08-14 (public-webpayments-specs@w3.org from August 2017)

From: Rouslan Solomakhin <notifications@github.com>
Date: Mon, 14 Aug 2017 14:43:24 +0000 (UTC)
To: w3c/payment-handler <payment-handler@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-handler/pull/202/review/56099370@github.com>

rsolomakhin commented on this pull request.



> @@ -1705,10 +1705,6 @@
           <li>If <var>url</var> is <code>about:blank</code>, return a
           <a>Promise</a> rejected with a <a>TypeError</a>.
           </li>
-          <li>If <var>url</var>'s origin is not the same as the <a>service
-          worker</a>'s origin associated with the payment handler, return a <a>
-            Promise</a> rejected with a <a>SecurityError</a>.
-          </li>

I think we should keep this check, as well, but we can return `null` for consistency. This check is to make sure that service worker from`https://bobpay.xyz` does not try to show a page from `https://alicepay.xyz`. This can be checked synchronously, so there's no need to wait until the page opens.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/pull/202#pullrequestreview-56099370

Received on Monday, 14 August 2017 14:43:50 UTC