Re: [w3c/payment-request] Add PaymentRequest.prototype.hasEnrolledInstrument() (#833) from aestes on 2019-03-04 (public-webpayments-specs@w3.org from March 2019)

From: aestes <notifications@github.com>
Date: Sun, 03 Mar 2019 17:34:38 -0800
To: w3c/payment-request <payment-request@noreply.github.com>
Cc: webpayments-specs <public-webpayments-specs@w3.org>, Comment <comment@noreply.github.com>
Message-ID: <w3c/payment-request/pull/833/review/209947597@github.com>

aestes commented on this pull request.



>          </h2>
         <p data-link-for="PaymentRequest">
-          The <a>canMakePayment()</a> method enables the payee to call
-          <a>show()</a> if the user is ready to take advantage of the API, or
-          to fall back to a legacy checkout experience if not. Because this
-          method shares some information with the payee, user agents are
-          expected to protect the user from abuse of the method, for example,
-          by restricting the number or frequency of calls.
+          The <a>canMakePayment()</a> and <a>hasEnrolledInstrument()</a> methods
+          have the potential to expose user information that could be abused for
+          fingerprinting purposes. The API allows the user agent to restrict the
+          number or frequency of calls to reduce the risk of fingerprinting.
+          User agents MAY allow the user to control the response to either
+          method via UI or provide their own means to protection (e.g., always

```suggestion
          method via UI or provide their own means of protection (e.g., always
```

-- 
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/833#pullrequestreview-209947597

Received on Monday, 4 March 2019 01:35:00 UTC