- From: Marcos Cáceres <notifications@github.com>
- Date: Mon, 11 May 2026 00:26:49 -0700
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/payment-request/issues/1071/4418416044@github.com>
marcoscaceres left a comment (w3c/payment-request#1071) @stephenmcgruer, re: whether there's precedent, yes: I checked what WebKit throws for each permissions policy failure: | Error | API | Feature | |-------|-----|---------| | `NotAllowedError` | Screen Wake Lock | `screen-wake-lock` | | `NotAllowedError` | WebAuthn | `publickey-credentials-get` | | `NotAllowedError` | Digital Credentials | `digital-credentials-get` | | `NotAllowedError` | Web Share | `web-share` | | `NotAllowedError` | getUserMedia | `camera` / `microphone` / `display-capture` | | `SecurityError` | Payment Request | `payment` | | `SecurityError` | Gamepad | `gamepad` | | `SecurityError` | WebXR | `xr-spatial-tracking` | | `TypeError` | Fullscreen | `fullscreen` | | `NetworkError` | Sync XHR | `sync-xhr` | `NotAllowedError` is the majority (5 vs 3 for `SecurityError`). The Permissions Policy spec is silent on this, but I filed an open issue asking for guidance: [w3c/webappsec-permissions-policy#396](https://github.com/w3c/webappsec-permissions-policy/issues/396). All three engines currently throw `SecurityError` here, so changing it is a web-compat question. I'd leave it unless there's appetite from implementers to align... but happy to update the spec if there is. We should fix Permissions Policy though, @zcorpan. WDYT? -- Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/issues/1071#issuecomment-4418416044 You are receiving this because you are subscribed to this thread. Message ID: <w3c/payment-request/issues/1071/4418416044@github.com>
Received on Monday, 11 May 2026 07:26:56 UTC