There is an unacceptable risk to the user's privacy here @rsolomakhin so a browser that wishes to protect the user's privacy must prevent `.canMakePayment()` from returning any information. There are two heavy handed ways browsers could do this, either disable the payments API all together, or disable all payment methods except one the Browser vender chooses, ala the Brave project's in-browser payments. Instead, we should provide a less heavy handed route whereby a browser can effectively disable `.canMakePayment()` in some way so that many merchants still work. There are several options : - `.canMakePayment()` invokes `.show()` immediately. - `.canMakePayment()` always returns false, so merchants who call it cannot use the payment API. - `.canMakePayment()` always returns true, possibly resulting in customers seeing the wrong invocation. - `.canMakePayment()` throws an exception indicating that it detected an attack on the user by the page. This would happen if the page called `.canMakePayment()` too many times, but a more secure browser could simply do it anytime `.canMakePayment()` gets called. Ideally, the browser should warn the user that the page did something nefarious. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/browser-payment-api/pull/380#issuecomment-270641892
Received on Thursday, 5 January 2017 13:19:10 UTC