Re: [w3c/payment-handler] CanMakePaymentEvent handling algorithm unclear (#330)

Hi @rsolomakhin and @danyao,

Thanks for the good discussion. Some thoughts:

- If the CanMakePaymentEvent is only triggered by hasEnrolledInstrument and not PR.canMakePayment, then it seems we should change the name in Payment Handler
to HasEnrolledInstrumentEvent. 

- I am trying to understand this sentence: "If a website has control of a payment handler, then it can detect whether user is in private browsing mode by calling hasEnrolledInstrument and checking if the result if false." Is this what you mean: Merchant controls origin of PR API call and also the payment handler. By calling PR.hasEnrolledInstrument and getting a value of 'false' back, and by knowing in the payment handler that the user actually does have an enrolled instrument, then the merchant knows the user is in private browsing mode.

If so, +1 to asking the privacy folks. :)

Ian



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/330#issuecomment-457726213

Received on Friday, 25 January 2019 21:00:18 UTC