Deprecate the ability for Web Payment API to bypass the connect-src CSP policy when fetching the manifest. After this deprecation, a site's connect-src CSP policy will need to allow for the payment method URL specified in a PaymentRequest call, as well as any other URLs that the method chains to fetch its manifest.
None: PaymentHanlders are not supported in WebView.
CSP violations print console error messages.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMMzaWFUbSFNuCbyefZKuSDmFtOd%3DD5xsOpVE0p6pwoxVPgRog%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMMzaWFXYXBqDjBzC8RnjUmNXQ8apiBAHdAGMV16Pq0F%2BbV-Mg%40mail.gmail.com.
If we are going to treat this like a deprecation instead (which is what a report only mode sounds to me?), then it makes more sense to me to skip an OT entirely. That is:- M108 - begin deprecation period, developers get warnings- M111 (for example) - enable behavior, start reverse origin trial if necessary for anyone to opt out for a few milestones.Thoughts Yoav?On Wed, Sept 21, 2022, 9:06 a.m. Rouslan Solomakhin <rou...@chromium.org> wrote:
> So is the plan to get properties currently using PaymentHandler to experiment with this and see if there's breakage?Yes, that's the plan.> Should we initially ship a "report only" mode that would help all properties know that CSP errors may be happening soon?Yes, we certainly could do that, if that's your recommendation. Assuming that does not require a Blink intent, we can start doing that in M108. Should we run the opt-in OT for enforcing CSP in M 110--112 in that case?
On Wed, Sep 21, 2022 at 1:30 AM Yoav Weiss <yoav...@chromium.org> wrote:
So is the plan to get properties currently using PaymentHandler to experiment with this and see if there's breakage? Should we initially ship a "report only" mode that would help all properties know that CSP errors may be happening soon?
On Tue, Sep 20, 2022 at 6:20 PM Rouslan Solomakhin <rou...@chromium.org> wrote:
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMMzaWFUbSFNuCbyefZKuSDmFtOd%3DD5xsOpVE0p6pwoxVPgRog%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
> Can you re-send this intent as an intent to deprecate and remove (and change the chrome status name accordingly)?
Resent in https://groups.google.com/a/chromium.org/g/blink-dev/c/mlTnVIovBc0/m/uWMMIM2MCAAJ and updatesd chrome status.> That'd make it easier for the bots and the tools to capture it correctly.Is there a good way for me to verify that the bots and the tools have captured the status correctly?
On Wednesday, September 21, 2022 at 11:53:45 AM UTC-4 Yoav Weiss wrote:
That sounds great!Can you re-send this intent as an intent to deprecate and remove (and change the chrome status name accordingly)? That'd make it easier for the bots and the tools to capture it correctly.
On Wednesday, September 21, 2022 at 3:15:37 PM UTC+2 Stephen McGruer wrote:
If we are going to treat this like a deprecation instead (which is what a report only mode sounds to me?), then it makes more sense to me to skip an OT entirely. That is:- M108 - begin deprecation period, developers get warnings- M111 (for example) - enable behavior, start reverse origin trial if necessary for anyone to opt out for a few milestones.Thoughts Yoav?On Wed, Sept 21, 2022, 9:06 a.m. Rouslan Solomakhin <rou...@chromium.org> wrote:
> So is the plan to get properties currently using PaymentHandler to experiment with this and see if there's breakage?Yes, that's the plan.> Should we initially ship a "report only" mode that would help all properties know that CSP errors may be happening soon?Yes, we certainly could do that, if that's your recommendation. Assuming that does not require a Blink intent, we can start doing that in M108. Should we run the opt-in OT for enforcing CSP in M 110--112 in that case?
On Wed, Sep 21, 2022 at 1:30 AM Yoav Weiss <yoav...@chromium.org> wrote:
So is the plan to get properties currently using PaymentHandler to experiment with this and see if there's breakage? Should we initially ship a "report only" mode that would help all properties know that CSP errors may be happening soon?
On Tue, Sep 20, 2022 at 6:20 PM Rouslan Solomakhin <rou...@chromium.org> wrote:
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMMzaWFUbSFNuCbyefZKuSDmFtOd%3DD5xsOpVE0p6pwoxVPgRog%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.