Re: User Consent and Addresses

I think many payment apps will want to supply shipping information along
with the rest of the payment response, and I think we should allow that.
However, since we are planning to pass the request to the payment app by
means of HTTP POST, the onshippingaddresschange mechanism isn't going to
work. The shipping address will have to be passed back in the payment
response.

I'm personally not very fond of having two separate ways of passing back
shipping information to the payee (onshippingaddresschange +
PaymentResponse.shippingAddress), so I suggest that we get rid of one of
the mechanisms. I haven't been following the discussions here for that
long, so I'm a bit unclear on the rationale for the onshippingaddresschange
mechanism, but I always thought it looked kind of odd. What would be the
arguments against removing it?

-Tommy

On Tue, May 10, 2016 at 3:37 PM, Dave Longley <dlongley@digitalbazaar.com>
wrote:

> On 05/10/2016 09:29 AM, Adam Roach wrote:
>
>> On 5/10/16 08:16, Ian Jacobs wrote:
>>
>>> Today if I type information (e.g., shipping address) in a form field,
>>> does that change the DOM and thus the merchant has access to the
>>> information immediately as well?
>>>
>>> I am wondering whether the behavior you describe for paymentRequest
>>> differs significantly from today’s form-based approach. (I say “I am
>>> wondering” because I think you have a better grasp than I do.)
>>>
>>
>> Yes, it certainly does have access. But there's a somewhat different
>> mental model between "I entered data into merchant.com's web page, so
>> merchant.com has access to it" and "I entered data into Bobpay's payment
>> app, so merchant.com has access to it, even if I never submitted it."
>>
>
> To be clear, I don't believe the latter represents the current API design.
> The shipping information (at least the information that is reported via
> `onshippingaddresschange`) isn't entered into a Payment App, but into a
> special checkout UI provided by the browser. However, it is correct that it
> is not entered via a page on merchant.com.
>
> I think this may better capture what's going on: "I entered data into a
> 'special browser checkout UI', so merchant.com has access to it, even if
> I never submitted it."
>
>
> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> http://digitalbazaar.com
>
>

Received on Tuesday, 10 May 2016 13:55:05 UTC