Per my understanding, it's the payment method author that is in charge of deciding which handlers ("payment apps") should be able to see data associated with a particular payment method. Why should we burden merchants with having to fetch this information and specify it in the request instead of having the browser do it for them?
If we're ok with having the browser use an `origin` field to determine whether or not it should send data somewhere, what's the reason for not having the browser use other information, like which methods are supported/allowed by the destination?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/99#issuecomment-276276396