- From: Danyao Wang <notifications@github.com>
- Date: Wed, 17 Jun 2020 15:56:30 -0700
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 17 June 2020 22:56:43 UTC
Proxying a request from Stripe: A lot of PSPs allow merchants to fully control the look-and-feel of the checkout flow, including the "pay" button. The PSP code is embedded inside an iframe and interacts with `PaymentRequest`. Since the current Payment Request API spec requires a user activation to trigger `request.show()`, the aforementioned flow is impossible to implement in a spec-compliant browser because user activation cannot be delegated to child frames. I think we should consider a modification of the User Activation Delegation through postMessages proposal (https://github.com/w3ctag/design-reviews/issues/347) to allow the user activation token to be passed into an iframe for the purpose of triggering `request.show()`. By narrowing the scope of the original proposal to just the payments feature, I think we can side step the security and UX concerns in the original proposal. @marcoscaceres WDYT? @mustaqahmed FYI -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/issues/917
Received on Wednesday, 17 June 2020 22:56:43 UTC