- From: Adrian Hope-Bailie <notifications@github.com>
- Date: Sun, 20 Nov 2016 08:03:15 -0800
- To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Received on Sunday, 20 November 2016 16:03:57 UTC
If it's SecureContext all the way down then I think we're safe 😄 Although, @ianbjacobs , speaking as a user I would want to know if `merchant.com` has delegated this to `anyoneelse.com`. I think @rsolomakhin 's suggestions are along the lines of what I was thinking but I guess it's up to the implementers to look after their users. Another question is how permissions might work? Perhaps a new thread but @rsolomakhin do you envision a permission request user prompt per origin before granting access to the API and if so who would be granted permission in this case `merchant.com` or `psp.com`? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/browser-payment-api/issues/311#issuecomment-261786732
Received on Sunday, 20 November 2016 16:03:57 UTC