Re: [w3c/payment-request] Changes resulting from 28 February PING privacy review (#843)

marcoscaceres commented on this pull request.



> -          <a>show()</a> if the user is ready to take advantage of the API, or
-          to fall back to a legacy checkout experience if not. Because this
-          method shares some information with the payee, user agents are
-          expected to protect the user from abuse of the method, for example,
-          by restricting the number or frequency of calls.
+          The <a>canMakePayment()</a> method enables the payee to determine
+          — before calling <a>show()</a> — whether the user agent knows of any <a>payment handlers</a> available to the user that support the  <a>payment methods</a> provided to the <a>PaymentRequest<a> <a data-lt="PaymentRequest.PaymentRequest()">constructor</a>.
+         If no <a>payment handlers</a> support the <a>payment methods</a>, this enables the payee to fall back to a legacy
+          checkout experience. Because this method shares some potentially unique information with
+          the payee, user agents are expected to protect the user from abuse of
+          the method. For example, user agents can reduce user fingerprinting
+          by:
+        </p>
+        <ul data-link-for="PaymentRequest">
+          <li>Allowing the user to configure the user agent to turn off
+          <a>canMakePayment()</a>, which would cause the user agent to return <a>a promise rejected with</a> a "<a>NotAllowedError</a>" <a>

```suggestion
           <a>canMakePayment()</a>, which would return <a>a promise rejected with</a> a "<a>NotAllowedError</a>" <a>DOMException</a>.
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/843#pullrequestreview-213665943

Received on Tuesday, 12 March 2019 21:42:53 UTC