Re: [w3c/webpayments-method-identifiers] feat: rewrite all the things (#35) from ianbjacobs on 2017-04-27 (public-webpayments-specs@w3.org from April 2017)

From: ianbjacobs <notifications@github.com>
Date: Thu, 27 Apr 2017 13:38:27 -0700
To: w3c/webpayments-method-identifiers <webpayments-method-identifiers@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/webpayments-method-identifiers/pull/35/c297832465@github.com>

@domenic wrote:

> Do you really want to allow about:blank, about:srcdoc, wss: URLs, file: URLs, etc.? (All are potentially trustworthy.)

I think the answer is "no." However, I wonder if there are some use cases for them (e.g., local testing of a payment method?) We've not really discussed those, and I think the intended use cases are for published payment method manifest files. 

> Do you want to allow usernames or passwords in the URL?

Again, I think the answer is "no" but there might be use cases we've not considered.

> What is wrong with queries?

I don't recall the rationale exactly, but I think it had to do with simplicity.

These are good questions. 

Ian

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-method-identifiers/pull/35#issuecomment-297832465

Received on Thursday, 27 April 2017 20:39:02 UTC