stpeter commented on this pull request.
> + <li>A <a>top-level browsing context</a> need to explicitly grant an
+ <a>iframe</a> the ability to access the <a>PaymentRequest</a>
+ interface via the <a>allowpaymentrequest</a> attribute. This prevents
+ embedded third-party content from accessing the interfaces of the
+ <cite>Payment Request API</cite> without the <a>top-level browsing
+ context</a>'s permission.
+ </li>
+ <li>In the definition of <a>canMakePayment()</a> the Working Group
+ seeks a balance between user experience and date protection. As
+ defined, <a>canMakePayment()</a> provides the party that calls the
+ API with information about the user's environment. To reduce the
+ potential for abuse, implementers plan a number of mitigations,
+ including rate-limiting <a>canMakePayment()</a> calls from the same
+ origin.
+ </li>
+ <li>A user agent can limit matching (in <a>show()</a> and
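Review bot: In the canMakePayment() item, "date protection" reads as a typo for "data protection", and in the first item "A top-level browsing context need to" should be "needs to". The canMakePayment() item also says only that implementers "plan a number of mitigations" and names just rate-limiting calls from the same origin. Consider stating what information about the user's environment the call exposes and whether any mitigation is required of user agents, so the text does not rest on implementer intent alone.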
As indicated in @lknik's review, rate-limiting sounds nice but any legitimate or illegitimate actor can easily jump over that hurdle.
https://github.com/w3c/payment-request/pull/683#discussion_r168039888