- From: Marcos Cáceres <notifications@github.com>
- Date: Tue, 15 Jan 2019 19:40:26 -0800
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 16 January 2019 03:40:48 UTC
marcoscaceres commented on this pull request.
> @@ -635,14 +635,6 @@ <h2>
act as follows:
</p>
<ol data-link-for="PaymentDetailsBase" class="algorithm">
- <li data-tests=
- "allowpaymentrequest/active-document-cross-origin.https.sub.html, allowpaymentrequest/active-document-same-origin.https.html, allowpaymentrequest/removing-allowpaymentrequest.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest-timing.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest.https.sub.html">
- If the <a>current settings object</a>'s <a data-cite=
For "V1" we are trying to avoid putting a normative dependency on Feature Policy (bc: document remains unpublished, unclear if WebKit will support it ATM).
What I'd like to do instead is just say: "If the current settings object's responsible document is not allowed to use the API, throw a SecurityError" - implying that Feature Policy would deem the API usage "not allowed"... that hopefully gives us enough of a hook into Feature Policy without having a normative dependency on it.
I can then point the reader to the sections Feature Policy and `allowpaymentrequest` below.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/822#discussion_r248142942
Received on Wednesday, 16 January 2019 03:40:48 UTC