Re: [w3c/payment-request] Is paypment request gated behind https? (#658) from Rouslan Solomakhin on 2017-12-08 (public-webpayments-specs@w3.org from December 2017)

From: Rouslan Solomakhin <notifications@github.com>
Date: Fri, 08 Dec 2017 16:55:05 +0000 (UTC)
To: w3c/payment-request <payment-request@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-request/issues/658/350313583@github.com>

FYI, Chrome considers the following to be secure contexts, which allow PaymentRequest per spec:
* https://
* file://
* localhost
  * http://localhost
  * http://127.0.0.1
  * http://[::1]

One interesting edge case is invalid HTTPS certificate. In this case, Chrome shows an interstitial alerting the user to dangers of proceeding. If the user elects to proceed, the context is considered secure, so Chrome allows PaymentRequest to match the spec, but the API is neutered:
1. `.canMakePayment()` always returns false.
1. `.show()` always rejects with `NotSupportedError`.
1. The UI is never shown.

You can observe this behavior on https://self-signed.badssl.com/input/web-payment/ for example.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/issues/658#issuecomment-350313583

Received on Friday, 8 December 2017 16:55:33 UTC