- From: Marcos Cáceres <notifications@github.com>
- Date: Mon, 12 Feb 2018 19:59:23 -0800
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 13 February 2018 03:59:51 UTC
marcoscaceres commented on this pull request. > + <a>show()</a> method. This reduces content's ability to unexpectedly + cause a request for payment to be displayed to the end-user. + </li> + <li>Interfaces are <a data-cite= + "WEBIDL#dfn-available-only-in-secure-contexts">available only in a + secure context</a>, to reduce the possibly that credentials will be + acquired and transferrer through insecure communication protocols. + </li> + <li>A <a>top-level browsing context</a> need to explicitly grant an + <a>iframe</a> the ability to access the <a>PaymentRequest</a> + interface via the <a>allowpaymentrequest</a> attribute. This prevents + embedded third-party content from accessing the interfaces of the + <cite>Payment Request API</cite> without the <a>top-level browsing + context</a>'s permission. + </li> + <li>In the definition of <a>canMakePayment()</a> the Working Group I still think this remains an open issue, wrt @lknik's findings in https://github.com/w3c/payment-request/issues/641. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/pull/683#pullrequestreview-96020076
Received on Tuesday, 13 February 2018 03:59:51 UTC