marcoscaceres commented on this pull request.
> + <li>Let <var>request</var> be the <a>PaymentRequest</a> object on
+ which the method was called.
+ </li>
+ <li>If <var>request</var>.<a>[[\state]]</a> is not "<a>created</a>",
+ then return <a>a promise rejected with</a> an
+ "<a>InvalidStateError</a>" <a>DOMException</a>.
+ </li>
+ <li data-tests=
+ "payment-request/payment-request-hasenrolledinstrument-method-protection.https.html">
+ If <var>checkForInstruments</var> is true, optionally, at the
+ <a>top-level browsing context</a>'s discretion, return <a>a promise
+ rejected with</a> a "<a>NotAllowedError</a>" <a> DOMException</a>.
+ <p class="note" data-link-for="PaymentRequest">
+ This allows user agents to apply heuristics to detect and prevent
+ abuse of the <a>hasEnrolledInstrument()</a> method for
+ fingerprinting purposes, such as creating <a>PaymentRequest</a>
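Review bot: The "NotAllowedError" rejection step is conditioned on checkForInstruments being true, so in these lines a call with checkForInstruments false gets no equivalent abuse-protection step; consider dropping the condition or stating in the note why the false case is exempt. In the same step, <a> DOMException</a> has a leading space inside the anchor, unlike <a>DOMException</a> in the "InvalidStateError" step, and should match it. The step also leaves the decision to the top-level browsing context's discretion while the note says it lets user agents apply heuristics; using one term in both places would read more clearly.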
Note that canMakePayment() is also a fingerprinting vector, so it’s prudent for this to apply to both.
--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/833#pullrequestreview-204438847