- From: Jun <notifications@github.com>
- Date: Wed, 28 Mar 2018 06:49:12 -0700
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 28 March 2018 13:49:35 UTC
CSP/iframe sandbox is meant to host untrusted content (by locking down privildge of the untrusted content). And powerful APIs such as Service Worker, AppCache, etc are not callable from sandboxed contents. For the same reason, Payment Request API should be disabled in sandxboxed content. If anyone feels that there's a valid use case of Payment Request API in sandbox, then it should be only allowed with "allow-same-origin" keyword (Though I don't think there is such a use case). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/issues/698
Received on Wednesday, 28 March 2018 13:49:35 UTC