Re: [w3c/browser-payment-api] should .show() be user gated? (#486)

I'm torn on this point. I'm generally skeptical of how effective "user gesture" is at a mitigating factor given that a 'click' or 'tap' anywhere is a user gesture. There are also legitimate uses cases we've seen where you wouldn't want this. For example, a merchant wants to implement PaymentRequest, and the shortest path to doing so is just to invoice PR.show() on the redirect to /checkout. It's completely in line with user expectations and is easy to implement.

If we decide to say something about this in the spec, I think it needs to be in the form of 'MUST' language. Since this would impact an implementation decision, such as in the use case above, users have to be able to reason about whether their implementation would work cross-browser.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/486#issuecomment-290230993

Received on Wednesday, 29 March 2017 21:27:01 UTC