[w3c/payment-request] SecurityError vs NotAllowedError for "allowed to use" check (Issue #1071) from Simon Pieters on 2026-04-10 (public-webpayments-specs@w3.org from April 2026)

From: Simon Pieters <notifications@github.com>
Date: Fri, 10 Apr 2026 00:42:30 -0700
To: w3c/payment-request <payment-request@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-request/issues/1071@github.com>

zcorpan created an issue (w3c/payment-request#1071)

> If [this](https://webidl.spec.whatwg.org/#this)'s [relevant global object](https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global)'s [associated Document](https://html.spec.whatwg.org/multipage/nav-history-apis.html#concept-document-window) is not [allowed to use](https://html.spec.whatwg.org/multipage/iframe-embed-object.html#allowed-to-use) the ["payment"](https://w3c.github.io/payment-request/#dfn-payment) permission, then [throw](https://webidl.spec.whatwg.org/#dfn-throw) a "[SecurityError](https://webidl.spec.whatwg.org/#securityerror)" [DOMException](https://webidl.spec.whatwg.org/#idl-DOMException).

Should this not throw an "NotAllowedError" exception instead?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/issues/1071
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/payment-request/issues/1071@github.com>

Received on Friday, 10 April 2026 07:42:34 UTC