[w3c/browser-payment-api] Clarify use of API in (or not in) Secure Contexts (#501)

My understanding is that the API is to be used in Secure Contexts. I note that:

* SecureContext is optional on PaymentRequest constructor
* Where SecureContext appears elsewhere in the spec it is not optional
* There is no clear statement in the prose about calling the API in a SecureContext
* For iframes, the allowpaymentrequest attribute is non-normative

It seems to me we need in the spec at least strong guidance about calling the API from a SecureContext, if not something normative. 

Ian

Received on Monday, 3 April 2017 15:44:27 UTC