marcoscaceres commented on this pull request.
> @@ -2690,8 +2689,10 @@
Exposing user information
</h2>
<p>
- The <a>user agent</a> MUST NOT share information about the user to
- the web page (such as the shipping address) without user consent.
+ A page might try to call the payment request API to retrieve
+ information about the user. Information about the user (such as the
+ shipping address) should only be shared with the web page with user
"should" is still an RFC 2119 keyword (particularly as we opted to not capitalize RFC2119 keywords in the spec).
We can try not to make a normative recommendation here, but I don't think it's particularly harmful to make this section normative if we are making a common sense RECOMMENDATION/SHOULD statement here.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/pull/511#pullrequestreview-34998121