- From: Marcos Cáceres <notifications@github.com>
- Date: Wed, 15 Apr 2020 21:41:23 -0700
- To: w3c/payment-handler <payment-handler@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/payment-handler/pull/365/review/394293662@github.com>
@marcoscaceres commented on this pull request.
> @@ -2438,10 +2438,19 @@ <h2>
</h2>
<ul>
<li>One goal of this specification is to minimize the user
- interaction required to make a payment. At the same time, user agents
- must not permit combinations of configurations that would enable
- invoking Web sites to invoke payment request and receive payments
- silently.
+ interaction required to make a payment. However, we also want to
+ ensure that the user has an opportunity to consent to making a
+ payment. Because payment handlers are not required to open windows
+ for user interaction, user agents should take necessary steps to
+ provide for some form of user action before <a data-cite=
+ "payment-request#show-method">PaymentRequest.show()</a> resolves. For
+ example, a user agent might do nothing if a payment handler opens a
+ window and the user has an opportunity to confirm a transaction via a
+ button. But if the payment handler does not open a window, or opens a
+ window without an opportunity for user interaction, the browser might
+ prompt the user to confirm the payment handler's behavior before
> or opens a window without an opportunity for user interaction,
How would the payment sheet/browser know if the payment handler didn't provide a button?
I think we need to force a "payment confirmed" event somehow, which must be triggered explicitly by user activation.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/pull/365#pullrequestreview-394293662
Received on Thursday, 16 April 2020 04:41:41 UTC