- From: Stephen McGruer <notifications@github.com>
- Date: Fri, 17 Nov 2023 12:57:42 -0800
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 17 November 2023 20:57:48 UTC
> If we stick to trust in the payment process, the user-signed transaction request should preferably include the domain name of the merchant. Since this part could be collected by the browser during SPC invocation, it is not possible to fake. This makes relaying (or stealing) authorizations much less useful, here assuming that verifiers check this parameter as well as claimed receive account etc. Fwiw, this issue was filed against Payment Request in general, and not SPC (https://github.com/w3c/secure-payment-confirmation) specifically. @mimi89999 if you are thinking of SPC specifically please let me know, but otherwise I'm assuming general Payment Request. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/issues/1014#issuecomment-1817096201 You are receiving this because you are subscribed to this thread. Message ID: <w3c/payment-request/issues/1014/1817096201@github.com>
Received on Friday, 17 November 2023 20:57:48 UTC