> You probably don't want them in the URL, you want them on whatever initiates the request (e.g., fetch(request), <link> or whatever). @marcoscaceres the challenge here is that all you have is the URL. The scenario is this... A payment request contains a payment method identifier that the browser has never seen before so it does a HEAD request on that URL and get's the location of the payment-method manifest. This can be empty or can contain information such as the payment apps that are allowed to handle requests for this method. We could close this by saying; "The PMI spec requires that the manifest can be fetched securely so integrity checking is redundant" but I'm not sure if that is true? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-method-identifiers/issues/18#issuecomment-277192061
Received on Friday, 3 February 2017 08:33:05 UTC