Re: [w3c/payment-handler] Limit information available during canmakepayment event (Issue #413)

Thanks Ian!

Note that the "canmakepayment" information has already been removed from the Payment Handler spec (https://github.com/w3c/payment-handler/pull/404) and from Chrome (in https://bugs.chromium.org/p/chromium/issues/detail?id=1290492#c22).

So we could close this bug. However, the `IS_READY_TO_PAY event in Chrome for native Android payment apps still includes this information because we broke multiple apps when we tried to remove it. On the Chrome side, we are still re-evaluating what stance we have where web APIs meet natively installed apps (e.g., did the user give enough permission when they installed the app, could we have Play Store policies to protect users, etc), so for now the leaking fields still exist in `IS_READY_TO_PAY`. As such, I would suggest keeping this open - if we end up in the long-term situation where web-apps and native-apps get different behavior, I would want us to spec that *somehow* (maybe just as a note), so we can track that in this issue?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/issues/413#issuecomment-1528829289
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/payment-handler/issues/413/1528829289@github.com>

Received on Saturday, 29 April 2023 16:59:21 UTC