Was talking to @martinthomson about this, and he proposed that this could alternatively be solved by adding an "origin" member to the `PaymentMethodData` that binds the method to the origin that must be registered to receive the event.
That way, the browser knows to route the events to only one specific origin - and only if that origin is registered.
So:
```JS
{
  supportedMethods: ["bobpay.com"],
  data: {
    merchantIdentifier: "XXXX",
    bobPaySpecificField: true
  },
  origin: "https://bobpay.com",
}
```
Will only ever go to `bobpay.com`. Then we don't need crypto at all.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/99#issuecomment-276270130
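
A sketch of the routing rule proposed in the comment above, as an added example that is not part of the original comment or of the spec. `registeredApps`, `normalizeOrigin` and `routePaymentMethod` are hypothetical names, and refusing a missing, non-https or non-bare `origin` is an assumption of this sketch.

```javascript
// Constructed sample: payment apps the user has registered, keyed by origin.
// Both claim the "bobpay.com" method; only the origin decides who gets the event.
const registeredApps = new Map([
  ["https://bobpay.com", { name: "BobPay", methods: ["bobpay.com"] }],
  ["https://other.example", { name: "Lookalike", methods: ["bobpay.com"] }],
]);

// Reduce the merchant-supplied value to a serialized origin. Anything that is
// not a bare https origin is refused (assumption), so userinfo tricks such as
// "https://bobpay.com@other.example" or a trailing path cannot match.
function normalizeOrigin(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // missing or unparsable origin
  }
  if (url.protocol !== "https:") return null;
  if (url.username || url.password) return null;
  if (url.pathname !== "/" || url.search || url.hash) return null;
  return url.origin; // lower-cased host, default port dropped
}

// Returns the single registered app allowed to receive the event, or null.
function routePaymentMethod(methodData, apps) {
  const origin = normalizeOrigin(methodData.origin);
  if (origin === null) return null;
  const app = apps.get(origin);
  if (!app) return null; // origin named, but nothing registered for it
  const methods = methodData.supportedMethods || [];
  const supported = methods.some((m) => app.methods.includes(m));
  return supported ? { origin, name: app.name } : null;
}
```

Comparing the parsed `URL.origin` rather than the raw string is what keeps case differences and an explicit `:443` from causing a mismatch, and keeps userinfo or path suffixes from causing a false match.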