- From: ianbjacobs <notifications@github.com>
- Date: Mon, 09 Apr 2018 18:21:04 +0000 (UTC)
- To: w3c/payment-handler <payment-handler@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 9 April 2018 18:22:13 UTC
ianbjacobs commented on this pull request.
> @@ -2078,6 +2087,31 @@ <h2>
</li>
</ul>
</section>
+ <section>
+ <h2>
+ HTTPS
+ </h2>
+ <ul>
+ <li>The user agent may block mixed content (e.g., non-HTTPS or
+ scripts) on the payment handler page.
+ </li>
+ <li>If the SSL certificate of the payment handler page is not valid
+ (e.g., self-signed), the user agent may cancel the payment.
+ </li>
I think that is inconsistent with the algorithm definition, which forces abort. I suggest changing this to MUST.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/pull/283#pullrequestreview-110563441
Received on Monday, 9 April 2018 18:22:13 UTC