- From: Stephen McGruer <notifications@github.com>
- Date: Tue, 15 Nov 2022 06:43:32 -0800
- To: w3c/payment-handler <payment-handler@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/payment-handler/pull/404@github.com>
The “canmakepayment” service worker event lets the merchant know whether the user has a card on file in an installed payment app. It silently passes the merchant's origin and arbitrary data to a service worker from payment app origin. This cross-origin communication happens on PaymentRequest construction in JavaScript, does not require a user gesture, and does not show any user interface. As such, it is a potential source of silent user tracking in a post-3p cookies world.
See #401 for discussions around use-cases for the canmakepayment event.
The following tasks have been completed:
* [ ] web platform tests (link) - **WIP**!
* [x] MDN Docs added - N/A? (I cannot locate PaymentHandler docs on MDN...)
Implementation commitment:
* [x] Safari - N/A, does not ship PaymentHandler
* [x] Chrome ([link to issue](https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/AM2bwKxXacQ))
* [x] FirefoxN/A, does not ship PaymentRequest or PaymentHandler
* [ ] Edge (public signal)
You can view, comment on, or merge this pull request online at:
https://github.com/w3c/payment-handler/pull/404
-- Commit Summary --
* [Spec] Remove user-identifiable information from canMakePayment
-- File Changes --
M index.html (87)
-- Patch Links --
https://github.com/w3c/payment-handler/pull/404.patch
https://github.com/w3c/payment-handler/pull/404.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/pull/404
You are receiving this because you are subscribed to this thread.
Message ID: <w3c/payment-handler/pull/404@github.com>
Received on Tuesday, 15 November 2022 14:43:44 UTC