Intent to Implement and Ship: Remove Secure Payment Confirmation user activation requirement


Nick Burris

Apr 17, 2023, 3:42:20 PM
to blink-dev, Stephen McGruer, Kaan Icer

Contact emails

nbu...@chromium.org, smcg...@chromium.org, ic...@chromium.org

Specification

https://github.com/w3c/secure-payment-confirmation/pull/236

Design docs

https://docs.google.com/document/d/1DW4hGyuVzcN8sE8TC3YOkg6xO4XpUGZQNxcHgfMXVwA

Summary

To help developers reduce friction in Secure Payment Confirmation flows, we are removing the user activation requirement. Spam and clickjacking mitigations are put in place to mitigate security and privacy risks with this change (see design doc).



Blink component

Blink>Payments

TAG review

None

TAG review status

Not applicable

Risks

Interoperability and Compatibility

Gecko: No signal

WebKit: No signal

Web developers: We've received direct feedback from web developers that they would be able to reduce friction in their redirect-based payment flows if SPC could be initiated without a user activation.

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None



Debuggability

Existing debuggability for SPC; e.g. a specific SecurityError is thrown when an activationless show() call is not allowed (see this test page).

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No, only features where SPC is already shipped: Windows, Mac, Android

Is this feature fully tested by web-platform-tests?

Yes (to be updated with implementation)

Flag name

--enable-blink-features=SecurePaymentConfirmationActivationlessShow

Requires code in //chrome?

False

Estimated milestones

Shipping on desktop: 114
Shipping on Android: 114


Anticipated spec changes

https://github.com/w3c/secure-payment-confirmation/pull/236

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5197059260416000

This intent message was generated by Chrome Platform Status.

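As an added example (not code from this intent, the spec PR, or Chromium), here is the client-side pattern the Debuggability field implies once activationless show() ships: attempt show() without a user activation and, if the browser rejects it with the SecurityError, fall back to calling show() from a user-activated handler. The SPC method data fields follow the Secure Payment Confirmation spec; `showSpcOrFallback`, the injected request constructor and all sample values are assumptions so the logic can run outside a browser.

```javascript
// Added example: handling the SecurityError thrown when an activationless
// SPC show() is not allowed. The PaymentRequest constructor is injected so
// the same logic can be exercised under Node with a fake (assumption).

const SPC_METHOD = "secure-payment-confirmation";

// Build the PaymentRequest method data for SPC. Field names follow the SPC
// spec; the instrument and timeout values are constructed placeholders.
function buildSpcMethodData({ credentialIds, challenge, rpId, payeeOrigin }) {
  return [{
    supportedMethods: SPC_METHOD,
    data: {
      credentialIds,   // credential ids (BufferSource) registered with the issuer
      challenge,       // server-generated challenge (BufferSource), single use
      rpId,            // relying party id that owns the credential
      payeeOrigin,     // merchant origin shown in the transaction dialog
      instrument: { displayName: "Card ending 1234", icon: "https://example.test/card.png" },
      timeout: 60000,
    },
  }];
}

// Classify a rejection from show(): only SecurityError means "retry from a
// user gesture"; AbortError is a user cancel; anything else is re-thrown.
function classifyShowError(err) {
  if (err && err.name === "SecurityError") return "needs-activation";
  if (err && err.name === "AbortError") return "cancelled";
  return "other";
}

// Try show() without relying on a user activation. On "needs-activation" the
// caller should render a button and call show() again from its click handler.
async function showSpcOrFallback(PaymentRequestCtor, spcParams, details) {
  const request = new PaymentRequestCtor(buildSpcMethodData(spcParams), details);
  try {
    const response = await request.show();
    return { outcome: "completed", response };
  } catch (err) {
    const kind = classifyShowError(err);
    if (kind === "other") throw err;
    return { outcome: kind, response: null };
  }
}

// In a browser: showSpcOrFallback(PaymentRequest, params,
//   { total: { label: "Total", amount: { currency: "USD", value: "10.00" } } });
```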
Yoav Weiss

Apr 19, 2023, 3:45:37 AM
to Nick Burris, blink-dev, Stephen McGruer, Kaan Icer
On Mon, Apr 17, 2023 at 9:42 PM Nick Burris <nbu...@chromium.org> wrote:

Interoperability and Compatibility

Gecko: No signal

WebKit: No signal

Have we asked for a signal? Are they shipping this feature?
 
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADvKJHN9Rp4gYYZJ4Jx9iwMiA3jS%2BagC_7L5dWkEGrWo8OLX4w%40mail.gmail.com.

Nick Burris

Apr 19, 2023, 2:05:08 PM
to blink-dev, Yoav Weiss, blink-dev, Stephen McGruer, Kaan Icer, Nick Burris
On Wednesday, April 19, 2023 at 3:45:37 AM UTC-4, Yoav Weiss wrote:
Have we asked for a signal? Are they shipping this feature?

They have not shipped Secure Payment Confirmation as a whole, so we don't have signals for this incremental change. We have open standards positions issues for Gecko (mozilla/standards-positions/issues/570) and WebKit (WebKit/standards-positions/issues/30).

Rick Byers

Apr 25, 2023, 10:15:40 AM
to Nick Burris, blink-dev, Yoav Weiss, Stephen McGruer, Kaan Icer
This is a small behavior change to a shipped feature with no explicit API exposure. LGTM1


Yoav Weiss

Apr 25, 2023, 11:06:35 AM
to Rick Byers, Nick Burris, blink-dev, Stephen McGruer, Kaan Icer
LGTM2

Mike Taylor

Apr 25, 2023, 11:30:44 AM
to Yoav Weiss, Rick Byers, Nick Burris, blink-dev, Stephen McGruer, Kaan Icer

LGTM3


Nick Burris

Apr 27, 2023, 4:01:27 PM
to blink-dev, Mike Taylor, Nick Burris, blink-dev, Stephen McGruer, Kaan Icer, Yoav Weiss, Rick Byers
Thanks all! FYI we are going to push this back a milestone to target M115 to spend more time investigating improved spam mitigations (see design doc security section).
