@marcoscaceres wrote, "adding an "origin" member to the PaymentMethodData, that bounds the method to the origin that must be registered to receive the event." For proprietary payment methods, we have begun to specify something that allows the payment method owner to control which apps can support the payment method. In effect, that provides a guarantee enforced by the browser that payment requests will only go to those apps (or origins): https://w3c.github.io/webpayments/proposals/Payment-Manifest-Proposal.html (There are other bits in that proposal involving digital signatures of specific apps, for added security.) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-payment-apps-api/issues/99#issuecomment-276690105
Received on Wednesday, 1 February 2017 15:38:43 UTC