- From: Rouslan Solomakhin <notifications@github.com>
- Date: Thu, 05 Apr 2018 13:21:41 -0700
- To: w3c/payment-handler <payment-handler@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 5 April 2018 20:22:05 UTC
Suppose `https://merchant.com` includes an iframe from a 3rd party website to get some functionality that is not payment specific, like an interactive map with directions to their physical location. ```html <iframe src="https://maps.com/?lat=30&lng=40"></iframe> ``` A user would be very surprised if `https://maps.com` attempted to install a payment handler while the user was visiting `https://merchant.com`. Therefore, let's prohibit cross-origin iframes from installing payment handlers by default. On the other hand, suppose `https://merchant.com` includes an iframe from a payment processor to improve their checkout process. Since this is a very forward-thinking PSP, it uses the W3C web payment standards. In this case, the merchant can explicitly allow this particular iframe to install a payment handler and/or invoke Payment Request. ```html <iframe src="https://psp.com/checkoutbutton.html" allow="payment"></iframe> ``` -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-handler/issues/281#issuecomment-379064338
Received on Thursday, 5 April 2018 20:22:05 UTC