Re: [w3c/payment-request] Disable Payment Request API in CSP/iframe sandbox (#698) from Marcos Cáceres on 2018-03-29 (public-webpayments-specs@w3.org from March 2018)

From: Marcos Cáceres <notifications@github.com>
Date: Thu, 29 Mar 2018 01:56:44 +0000 (UTC)
To: w3c/payment-request <payment-request@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-request/issues/698/377095535@github.com>

Noting we have `allowpaymentrequest`... so we would need to work out how they interact.  

```HTML
<iframe sandbox allowpaymentrequest></iframe>
```

I guess sandbox there bans everything, and `allowpaymentrequest` enables.... but because PR API is disabled by default cross-origin, we might not need our own flag. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/issues/698#issuecomment-377095535

Received on Thursday, 29 March 2018 01:57:45 UTC