- From: Rouslan Solomakhin <notifications@github.com>
- Date: Mon, 04 Dec 2017 06:37:44 -0800
- To: w3c/payment-handler <payment-handler@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 4 December 2017 14:38:33 UTC
Here's a summary of the discussion at the editors calls this morning: * The spec should note that user consent is required before first usage of the payment handler. * The payment handler website may want to know whether the user granted the permission. This can happen after saving the payment instruments. Therefore, it may be more clear to rename `.requestPermission()` into `.requestPermissionState()`. That call can tell the payment handler website the state of the user consent (allow, deny, not decided yet) without blocking the setup of payment instruments. * The user can grant permission at either (1) time of registration on payment handler website, (2) time of payment in payment sheet, or (3) any time after registration in browser settings. * If a user logs into their bank from a public computer, then logs out, how can we prevent the silently installed payment instruments from hanging around on the public computer for the next user to see? The next user may see a preview of the previous user's payment handlers, e.g., "Bank Inc (Visa****1234) [ icon ]" in the payment sheet, although they will not be able to see the full instrument or use it for payment. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-handler/issues/239#issuecomment-348980177
Received on Monday, 4 December 2017 14:38:33 UTC