I really like the direction we're heading where payment apps are just web apps that can handle payments. However, the single-app-per-origin thing still confuses me. I understand that permissions are handled on a per-origin basis, but web apps (as described [here](https://developers.google.com/web/updates/2014/11/Support-for-installable-web-apps-with-webapp-manifest-in-chrome-38-for-Android) for instance) are not normally origin-bound. Web apps the way I know them, are just collections of web pages that share a common manifest file. To demonstrate this, please have a look at the following two web apps, that I just made: * https://people.opera.com/tommyt/blue * https://people.opera.com/tommyt/red Open them in a modern mobile browser, and add them both to the home screen to see that they are indeed independent of each other. These two web apps are hosted on the same server (which also hosts a myriad of other web apps and random pages), but they have separate manifest files. It seems to me to be a misunderstanding that "because permissions are per-origin, payment apps must also be limited to one per origin". I think the boundaries of the permission model and the boundaries of the web apps can absolutely be independent. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-payment-apps-api/issues/98#issuecomment-277808484
Received on Monday, 6 February 2017 20:49:07 UTC