- From: ianbjacobs <notifications@github.com>
- Date: Tue, 12 Mar 2019 06:42:22 -0700
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 12 March 2019 13:42:44 UTC
ianbjacobs requested changes on this pull request. Hi @marcoscaceres I agree with the sentiment, but two things make me uncomfortable: * Imposing a normative requirement on payment handlers in this specification. * It would probably be ok for the URL to include some information about a person for an authorized server; we don't want that information to be visible to unauthorized parties. Proposed: "It is important that the <a>validationURL</a> in a <a>MerchantValidationEvent</a> does not expose personally identifying information to unauthorized parties." I am avoiding creating a normative requirement, but do want to stress the importance. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/pull/850#pullrequestreview-213394972
Received on Tuesday, 12 March 2019 13:42:44 UTC