Re: [w3c/browser-payment-api] Send HTMLIFrameElement.allowPaymentRequest to HTML spec (#311)

In an ideal world, this would wait for Feature Policy to figure out how it wants to allow folks to enable features for child frames (@igrigorik, etc).

In the actual world, adding an attribute is ugly, but would let you hit your shipping targets. Have y'all worked out what origin you'll be showing in dialogs from cross-origin frames, and generally how you'll explain to users what's going on? We punted on those questions for credential management; they're hard. :(

As far as process goes, I don't think it's worth anyone's time to block on the W3C HTML spec. For webappsec specs, I've generally put together an "Integrations" section that links off to integration points in other specs (https://w3c.github.io/webappsec-csp/#html-integration, for example), upstreamed a patch to WHATWG's HTML (https://github.com/whatwg/html/pull/1618, for example), and filed a bug against the W3C document along with a corresponding ISSUE in the spec text (https://github.com/w3c/html/issues/547 and https://w3c.github.io/webappsec-csp/#issue-5faf83e6, for example). That seems like a reasonable workflow for documents you'd like to publish through the W3C for reasons.

/cc @adanilo

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/311#issuecomment-261233665

Received on Thursday, 17 November 2016 12:22:57 UTC