Re: [w3c/browser-payment-api] Detecting Payment Method Availability (#316) from Jeff Burdges on 2016-12-05 (public-webpayments-specs@w3.org from December 2016)

From: Jeff Burdges <notifications@github.com>
Date: Mon, 05 Dec 2016 06:56:08 -0800
To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Message-ID: <w3c/browser-payment-api/pull/316/c264874597@github.com>

Attempts with multiple methods creates a fingerprinting risk even with the rate limiting sadly.  And perhaps a quick series of forwards through TLDs can defeat the rate limiting anyways. 

Just some alternative approaches to `canMakeActivePayemnt()` : 
- Recommend to browser venders that they print big scary warnings whenever the user installs a payment method beyond the first one.  Realistically users should not give their browser more than one payment method anyways, due to the high risk of browsers being compromised.
- Recommend to browser venders that `show()` make it easy for users to return to the regular checkout process as if it failed. 
- Make `canMakeActivePayemnt()` a commitment to call `show()` that disallows any further network activity from the page except for calling `show()`. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/pull/316#issuecomment-264874597

Received on Monday, 5 December 2016 14:56:45 UTC