Intent to experiment: Deprecate and remove merchant identity in "canmakepayment"

72 views
Skip to first unread message

Rouslan Solomakhin

unread,
Apr 18, 2022, 11:49:32 AMApr 18
to blink-dev

Contact emails

rou...@chromium.org

Specification

https://w3c.github.io/payment-handler/

Summary

This is an early heads up that we intend to remove the merchant origin and arbitrary data from the "canmakepayment" service worker event of the Payment Handler API. These are the event fields to be removed:

  • topOrigin
  • paymentReuqestOrigin
  • methodData
  • modifiers

The removal will be happening through the use of an origin trial at first, then a reverse origin trial, and finally removal.


Blink component

Blink>Payments

Motivation

The “canmakepayment” service worker event lets the merchant know whether the user has a card on file in an installed service-worker based payment app. It silently passes the merchants’ origin and arbitrary data to the service worker from the payment app origin. This cross-origin communication happens on new PaymentRequest() construction in JavaScript, does not require a user gesture, and does not show any user interface.

Alternatively, we have considered and dismissed the option to remove the canmakepayment” event entirely and behave as if it always returns "true", because some payment app partners have indicated to us that's what they always do. However, the data that we have collected shows that the canmakepayment” event returns "false" 1% to 6% of the time, depending on the platform.

TAG review status

Not applicable

Risks

Interoperability and Compatibility

Only Chrome has implemented the Payment Handler API.

Chrome is reaching out to the known partners that may be depending on these fields.

WebView application risks

The Payment Handler API requires the use of the PaymentRequest API. Neither API is available in WebView.


Is this feature fully tested by web-platform-tests?

Yes

Flag name

PaymentHandlerMerchantIdentity

Requires code in //chrome?

True

Estimated milestones

Origin trial: 108

Reverse origin trial: 111

Removal: 114


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5190978431352832

This intent message was generated by Chrome Platform Status.

Yoav Weiss

unread,
Apr 20, 2022, 9:24:59 AMApr 20
to Rouslan Solomakhin, blink-dev
So this intent is requesting to run the first OT M108-M110?
Any deprecation period you have in mind?

It might be better to send separate intents for the rest when their milestones get closer. 

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMMzaWFz1UFWxgOs%2BECSdF2Bt8JpsBkGtv2wMnq2pemGMmD8Fw%40mail.gmail.com.

Rouslan Solomakhin

unread,
Apr 20, 2022, 10:27:10 AMApr 20
to Yoav Weiss, blink-dev
> So this intent is requesting to run the first OT M108-M110?

Correct.

> Any deprecation period you have in mind?

Good point. We should start by printing a warning message when these fields are accessed for a few milestones. M105--M107 would be good. Do I need to resend this as an intent to deprecate first?

Yoav Weiss

unread,
Apr 20, 2022, 12:03:22 PMApr 20
to blink-dev, Rouslan Solomakhin, blink-dev, Yoav Weiss
LGTM to run Origin Trial removal 108-110

On Wednesday, April 20, 2022 at 4:27:10 PM UTC+2 Rouslan Solomakhin wrote:
> So this intent is requesting to run the first OT M108-M110?

Correct.

> Any deprecation period you have in mind?

Good point. We should start by printing a warning message when these fields are accessed for a few milestones. M105--M107 would be good. Do I need to resend this as an intent to deprecate first?

LGTM to deprecate as well. From my perspective, you could start deprecating earlier than 105, assuming we know the timelines we're aiming for.
 

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
Reply all
Reply to author
Forward
0 new messages