Re: [w3c/browser-payment-api] Should the Payment Request API only be available in a top-level browsing context? (#2) from Adrian Hope-Bailie on 2016-04-10 (public-webpayments-specs@w3.org from April 2016)

From: Adrian Hope-Bailie <notifications@github.com>
Date: Sat, 09 Apr 2016 23:15:17 -0700
To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Message-ID: <w3c/browser-payment-api/issues/2/207929089@github.com>

We require a comprehensive proposal to address this use case that considers how a merchant may put an iframe into their site that is able to call the payments API but only with the explicit permission of the merchant.

We should also consider what user permissions should be required for this and consult with @w3c/webappsec-admin for guidance.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/2#issuecomment-207929089

Received on Sunday, 10 April 2016 06:16:15 UTC