- From: Shane McCarron <notifications@github.com>
- Date: Tue, 19 Apr 2016 06:27:43 -0700
- To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Received on Tuesday, 19 April 2016 13:28:37 UTC
@adrianhopebailie said: > I assert that it is a requirement of the API that the website has complete control over the content of the payment request that is ultimately received by the payment app. i.e.This should not be modified in any way by the user agent. This suggests that this payment request message should be passed as a single object to the API and that any other data that is only required by the user agent should be put into one or more other parameters. +1 to this. This data really needs to be compartmentalized in something that can be a "message". Personally I would like to see the message signed in some way so that the payment app knows it was not altered on the way, but I know that is unlikely so I am just going to sit on that one until I get to say "told ya' so!" --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/browser-payment-api/pull/133#issuecomment-211922866
Received on Tuesday, 19 April 2016 13:28:37 UTC