Many of these use cases (where it's necessary to remove the merchant website from PCI scope) can be addressed by embedding an iframe in the checkout page that renders secure content from the third party payment provider and exposes the PaymentRequest API.
@zkoch did some work to ensure there is an appropriate attribute that can be set in the iframe to allow the PaymentRequest API to be called from that internal context.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-method-basic-card/issues/38#issuecomment-320646424