Re: [w3c/payment-request] Add hasEnrolledInstrument() (#833) from Rouslan Solomakhin on 2019-02-11 (public-webpayments-specs@w3.org from February 2019)

From: Rouslan Solomakhin <notifications@github.com>
Date: Mon, 11 Feb 2019 14:30:26 +0000 (UTC)
To: w3c/payment-request <payment-request@noreply.github.com>
Cc: webpayments-specs <public-webpayments-specs@w3.org>, Comment <comment@noreply.github.com>
Message-ID: <w3c/payment-request/pull/833/c462347180@github.com>

Chrome would return the `hasEnrolledInstrument()` truthfully for the built-in `basic-card` payment method. The feature detection matters for Chrome, because the old implementation of `canMakePayment()` was checking for instruments, whereas the new implementation would not be doing that. The only way for a website to determine which is which is to check for `hasEnrolledInstrument()` in the case of Chrome. Sorry about our legacy shipped code! :-(

> Note the hasEnrolledInstruments() would introduce another fingerprinting vector - so we might want to document that in the Privacy and Security section.

Privacy and Security section changes sound reasonable.

> We should make it ok for UAs to lie for privacy reasons.

Did you have in mind returning `NotAllowedError` similar to `canMakePayment()`? That sounds OK.

-- 
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/833#issuecomment-462347180

Received on Monday, 11 February 2019 14:31:00 UTC