Re: [w3c/browser-payment-api] Send HTMLIFrameElement.allowPaymentRequest to HTML spec (#311)

Nothing in Feature Policy is intended to allow the secure context requirement to be avoided -- we haven't called that out explicitly, but maybe we should. We do allow FP to be specified for some features which don't need HTTPS, but for those that do, we are still going to require a secure chain of frames, each specifying the correct policy.

The `allowpaymentrequest` iframe attribute is directly mappable to the `enable="paymentrequest"` attribute syntax, as it allows payment in the nested frame, and for the permission to be delegated further from that frame by including the same attribute in deeper frames.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/311#issuecomment-261779776

Received on Sunday, 20 November 2016 13:56:46 UTC