Re: [w3c/payment-handler] topLevelOrigin is a weird name (#259) from Rouslan Solomakhin on 2018-04-06 (public-webpayments-specs@w3.org from April 2018)

From: Rouslan Solomakhin <notifications@github.com>
Date: Fri, 06 Apr 2018 21:37:01 +0000 (UTC)
To: w3c/payment-handler <payment-handler@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-handler/issues/259/379389491@github.com>

> Could you give an example of why this is a necessary capability for payment handlers? 

Google Pay whitelists the origins that are allowed to use it. (You can get on the whitelist by registering for a merchant account.) When working with large partners, it's simpler to whitelist a _single_  `paymentRequestOrigin`, such as `https://payment-processor.com`, instead of _10,000_ `topLevelOrigin`s of the small shops that are using `https://payment-processor.com`.

> do the basic-card or ApplePay payment handlers change their behavior based on top-level origin vs. PaymentRequest origin?

If the `paymentRequestOrigin` is not on the whitelist for Google Pay, it will not be displayed as an option in the payment sheet. Other partners have expressed the desire to also whitelist based on the `topLevelOrigin`.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/259#issuecomment-379389491

Received on Friday, 6 April 2018 21:37:24 UTC