- From: Jinho Bang <notifications@github.com>
- Date: Fri, 17 Apr 2020 05:41:10 -0700
- To: w3c/payment-handler <payment-handler@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/payment-handler/pull/365/review/395417670@github.com>
@romandev commented on this pull request. > @@ -2438,10 +2438,19 @@ <h2> </h2> <ul> <li>One goal of this specification is to minimize the user - interaction required to make a payment. At the same time, user agents - must not permit combinations of configurations that would enable - invoking Web sites to invoke payment request and receive payments - silently. + interaction required to make a payment. However, we also want to + ensure that the user has an opportunity to consent to making a + payment. Because payment handlers are not required to open windows + for user interaction, user agents should take necessary steps to + provide for some form of user action before <a data-cite= + "payment-request#show-method">PaymentRequest.show()</a> resolves. For + example, a user agent might do nothing if a payment handler opens a + window and the user has an opportunity to confirm a transaction via a + button. But if the payment handler does not open a window, or opens a + window without an opportunity for user interaction, the browser might + prompt the user to confirm the payment handler's behavior before I may be missing something because I haven't looked deeply into this recently. If I am missing something, please correct me. I think @danyao 's suggestion is reasonable overall, and I support her opinion. BTW, This may be a silly question but I'm still missing something. What's the subtle difference between new `finalizeResponse()` and existing `respondWith()`? In my understanding and according to the spec text, `respondWith()` already checks whether the `PaymentRequestEvent.isTrusted` is `true` and doesn't it mean that `respondWith()` is only allowed by user activation? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-handler/pull/365#discussion_r410195301
Received on Friday, 17 April 2020 12:41:23 UTC