- From: ojan <notifications@github.com>
- Date: Tue, 29 Nov 2016 19:09:49 -0800
- To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Received on Wednesday, 30 November 2016 03:10:24 UTC
@marcoscaceres what we were hoping to do in Chrome is to ship with enable="paymentrequest" in the next chrome release and then the full feature policy support in a following release. That way, we get something that's forward compatible, but really not much more work than the allowpaymentrequest attribute.
The one difference is that enable="paymentrequest" intentionally is only allowing paymentrequest for the origin in the src attribute, i.e. a redirect to a different origin wouldn't get access. We'll eventually need the additional featurepolicy attribute to allow all origins in the subframe, i.e. via featurepolicy='{"paymentrequest": ["*"]}'.
But it seems like v1 of payments could get away with just enable="paymentrequest" and we can avoid the proliferation of more allow* attributes. Does that sound OK?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/311#issuecomment-263770791
Received on Wednesday, 30 November 2016 03:10:24 UTC