Re: [w3c/payment-method-id] Clarify security check for URL-based payment method identifier (#65) from Frédéric Wang on 2021-04-19 (public-webpayments-specs@w3.org from April 2021)

From: Frédéric Wang <notifications@github.com>
Date: Mon, 19 Apr 2021 05:55:21 -0700
To: w3c/payment-method-id <payment-method-id@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-method-id/issues/65/822443910@github.com>

I believe referring to https://fetch.spec.whatwg.org/#http-scheme + https://w3c.github.io/webappsec-secure-contexts/#is-url-trustworthy would be enough. Note that there is already some explanation about why browsers may consider non-https URLs trustworthy on https://w3c.github.io/webappsec-secure-contexts/#implementation-considerations (albeit not for local servers).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-method-id/issues/65#issuecomment-822443910

Received on Monday, 19 April 2021 12:55:34 UTC