[w3c/payment-handler] Block payment handler in iframes by default (#281)

Similar to Payment Request, let's block Payment Handler APIs in cross-origin iframes by default. We can use [Feature Policy](https://wicg.github.io/feature-policy/) to selectively enable it like so:

```html
<iframe src="https://other.com/paymenthandler" allow="paymenthandler"></iframe>
```

https://github.com/w3c/payment-handler/issues/281

Received on Thursday, 5 April 2018 15:02:11 UTC
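
The proposal above, as an added example that is not part of the original message or of any browser's code: a simplified model of how the `allow` attribute and a default allowlist decide whether the feature is enabled in a frame. It assumes the default allowlist for `paymenthandler` would be `'self'` and that the embedding page itself has the feature enabled; the function names and the `shop.example` / `third.example` origins are hypothetical.

```javascript
// Added example: simplified Feature Policy evaluation for one <iframe>.
// Assumption: "paymenthandler" (the name proposed in the issue) defaults to 'self'.
const DEFAULT_ALLOWLIST = { paymenthandler: "'self'" };

// Parse allow="feat1 origin1 origin2; feat2" into Map(feature -> allowlist tokens).
function parseAllow(allowAttr) {
  const policy = new Map();
  for (const directive of (allowAttr || "").split(";")) {
    const [feature, ...values] = directive.trim().split(/\s+/).filter(Boolean);
    if (!feature) continue;
    // In an allow attribute, a feature with no allowlist means 'src'.
    policy.set(feature.toLowerCase(), values.length ? values : ["'src'"]);
  }
  return policy;
}

// Does one allowlist token match the origin of the document in the frame?
function matches(token, childOrigin, parentOrigin, srcOrigin) {
  switch (token) {
    case "*": return true;
    case "'none'": return false;
    case "'self'": return childOrigin === parentOrigin; // embedder's origin
    case "'src'": return childOrigin === srcOrigin;     // origin of the src URL
    default:
      try { return new URL(token).origin === childOrigin; } catch { return false; }
  }
}

// parentOrigin: embedding page; src: iframe src URL; allowAttr: allow="" value;
// childUrl: document actually loaded in the frame (differs from src after navigation).
function isFeatureEnabled(feature, parentOrigin, src, allowAttr, childUrl = src) {
  const srcOrigin = new URL(src).origin;
  const childOrigin = new URL(childUrl).origin;
  // No directive for the feature: fall back to its default allowlist.
  const tokens = parseAllow(allowAttr).get(feature) || [DEFAULT_ALLOWLIST[feature]];
  return tokens.some(t => matches(t, childOrigin, parentOrigin, srcOrigin));
}
```
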