- From: Domenic Denicola <notifications@github.com>
- Date: Tue, 15 Jan 2019 10:51:51 -0800
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 15 January 2019 18:52:13 UTC
domenic requested changes on this pull request.
> @@ -635,14 +635,6 @@ <h2>
act as follows:
</p>
<ol data-link-for="PaymentDetailsBase" class="algorithm">
- <li data-tests=
- "allowpaymentrequest/active-document-cross-origin.https.sub.html, allowpaymentrequest/active-document-same-origin.https.html, allowpaymentrequest/removing-allowpaymentrequest.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest-timing.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest.https.sub.html">
- If the <a>current settings object</a>'s <a data-cite=
No, this is wrong. The source of truth for how the PaymentRequest constructor behaves needs to be this spec. The fact that https://github.com/w3c/webappsec-feature-policy/blob/master/features.md#payment has a MUST requirement is just confusing. That document should be updated: <del>MUST throw a SecurityError</del><ins>will throw in the manner described in the PaymentRequest specification</ins>.
/cc @clelland to consider changes to avoid such confusion.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/822#pullrequestreview-192806199
Received on Tuesday, 15 January 2019 18:52:13 UTC