- From: pes <notifications@github.com>
- Date: Wed, 06 Mar 2019 11:47:32 -0800
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 6 March 2019 19:47:54 UTC
snyderp commented on this pull request. > - method shares some information with the payee, user agents are - expected to protect the user from abuse of the method, for example, - by restricting the number or frequency of calls. + The <a>canMakePayment()</a> method enables the payee to determine + —before calling <a>show()</a>— whether the user is ready to take + advantage of the API. This enables the payee to fall back to a legacy + checkout experience. Because this method shares some information with + the payee, user agents are expected to protect the user from abuse of + the method. For example, user agents may reduce user fingerprinting + by: + </p> + <ul data-link-for="PaymentRequest"> + <li>allowing the user to configure the user agent to turn off + <a>canMakePayment()</a>; + </li> + <li>informing the user when <a>canMakePayment()</a> is called; I'm in favor of it too. Short of standardizing the mitigations (which would be better, but seems to be off the table), including the above seems like a second best option -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/pull/843#discussion_r263105770
Received on Wednesday, 6 March 2019 19:47:54 UTC