Re: [w3c/browser-payment-api] Should we standardise a callback mechanism for payment apps to communicate to 3rd parties? (#109) from Jeff Burdges on 2016-03-31 (public-webpayments-specs@w3.org from March 2016)

From: Jeff Burdges <notifications@github.com>
Date: Thu, 31 Mar 2016 04:41:11 -0700
To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Message-ID: <w3c/browser-payment-api/issues/109/203891999@github.com>

There are pragmatic differences for browser extensions between interactions during payment and interactions after payment.  A FireFox XUL extension could do this, but I think WebExtensions cannot do this.  It needs to forwards the user to a fulfillment-like page controlled by the merchant with which it can interact.  

Is that fulfillment-like page necessarily a real fulfillment page?  I donno, maybe not.  I like that the payee has committed to a financial transaction by that point, so as to prevent this from being used for all manor of same origin violations.  There is nothing one can do about people who install extensions or payment apps willy nilly though, so maybe it does not matter for those cases.  It might matter for web based payment apps though, as methods we introduce there cannot violate same origin anyways. 

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/109#issuecomment-203891999

Received on Thursday, 31 March 2016 11:42:05 UTC