- From: Marcos Cáceres <notifications@github.com>
- Date: Sun, 15 Apr 2018 21:52:11 -0700
- To: w3c/payment-handler <payment-handler@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/payment-handler/pull/282/review/112278036@github.com>
marcoscaceres requested changes on this pull request.
Couple of nits, but generally looks great.
> @@ -2078,6 +2097,17 @@ <h2>
</li>
</ul>
</section>
+ <section>
+ <h2>
+ Iframes
+ </h2>
+ <ul>
+ <li>Cross-origin iframes should not be able to register payment
"should not" doesn't read well here, as is "iframes". Perhaps just state that:
> The top-level document needs to explicitly grant access to nested browsing contexts via the "payment" feature policy.
I've filed https://github.com/WICG/feature-policy/issues/154 so we can actually link to "payment".
> @@ -426,6 +426,10 @@ <h2>
<li>Return <var>p</var> and perform the remaining steps in
parallel:
</li>
+ <li>If the <a>document</a> is not <a>allowed to use</a> the
Nit: drop "policy-controlled-feature", it's redundant.
> @@ -426,6 +426,10 @@ <h2>
<li>Return <var>p</var> and perform the remaining steps in
parallel:
</li>
+ <li>If the <a>document</a> is not <a>allowed to use</a> the
+ policy-controlled-feature <code>payment</code>, reject <var>p</var>
+ with <a>SecurityError</a>.
Here, you want:
```HTML
"<a>SecurityError</a>" <a>DOMException</a>.
```
You can take the `dfn`s from payment request.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/pull/282#pullrequestreview-112278036
Received on Monday, 16 April 2018 04:52:41 UTC