Re: [w3c/browser-payment-api] Should the Payment Request API only be available in a top-level browsing context? (#2)

We require a comprehensive proposal to address this use case that considers how a merchant may put an iframe into their site that is able to call the payments API but only with the explicit permission of the merchant.

We should also consider what user permissions should be required for this and consult with @w3c/webappsec-admin for guidance.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/2#issuecomment-207929089

Received on Sunday, 10 April 2016 06:16:15 UTC