Intent to Implement and Ship: Remove Secure Payment Confirmation user activation requirement

Nick Burris

unread,

Apr 17, 2023, 3:42:20 PM4/17/23

to blink-dev, Stephen McGruer, Kaan Icer

Summary

To help developers reduce friction in Secure Payment Confirmation flows, we are removing the user activation requirement. Spam and clickjacking mitigations are put in place to mitigate security and privacy risks with this change (see design doc).

Blink component

Blink>Payments

TAG review

None

TAG review status

Not applicable

Risks

Interoperability and Compatibility

Gecko: No signal

WebKit: No signal

Web developers: We've received direct feedback from web developers that they would be able to reduce friction in their redirect-based payment flows if SPC could be initiated without a user activation.

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None

Debuggability

Existing debuggability for SPC; e.g. a specific SecurityError is thrown when an activationless show() call is not allowed (see this test page).

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No, only features where SPC is already shipped: Windows, Mac, Android

Is this feature fully tested by web-platform-tests?

Yes (to be updated with implementation)

Flag name

--enable-blink-features=SecurePaymentConfirmationActivationlessShow

Requires code in //chrome?

False

Estimated milestones

Shipping on desktop

114

Shipping on Android

114

Anticipated spec changes

https://github.com/w3c/secure-payment-confirmation/pull/236

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5197059260416000

This intent message was generated by Chrome Platform Status.

Yoav Weiss

unread,

Apr 19, 2023, 3:45:37 AM4/19/23

to Nick Burris, blink-dev, Stephen McGruer, Kaan Icer

On Mon, Apr 17, 2023 at 9:42 PM Nick Burris <nbu...@chromium.org> wrote:

Contact emails
nbu...@chromium.org, smcg...@chromium.org, ic...@chromium.org

Specification
https://github.com/w3c/secure-payment-confirmation/pull/236

Design docs
https://docs.google.com/document/d/1DW4hGyuVzcN8sE8TC3YOkg6xO4XpUGZQNxcHgfMXVwA

Summary
To help developers reduce friction in Secure Payment Confirmation flows, we are removing the user activation requirement. Spam and clickjacking mitigations are put in place to mitigate security and privacy risks with this change (see design doc).

Blink component
Blink>Payments

TAG review
None

TAG review status
Not applicable

Risks
Interoperability and Compatibility
Gecko: No signal

WebKit: No signal

Have we asked for a signal? Are they shipping this feature?

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADvKJHN9Rp4gYYZJ4Jx9iwMiA3jS%2BagC_7L5dWkEGrWo8OLX4w%40mail.gmail.com.

Nick Burris

unread,

Apr 19, 2023, 2:05:08 PM4/19/23

to blink-dev, Yoav Weiss, blink-dev, Stephen McGruer, Kaan Icer, Nick Burris

Le mercredi 19 avril 2023 à 03 h 45 min 37 s UTC-4, Yoav Weiss a écrit :

On Mon, Apr 17, 2023 at 9:42 PM Nick Burris <nbu...@chromium.org> wrote:

Contact emailsnbu...@chromium.org, smcgruer@chromium.org, icer@chromium.org

Specificationhttps://github.com/w3c/secure-payment-confirmation/pull/236

Design docshttps://docs.google.com/document/d/1DW4hGyuVzcN8sE8TC3YOkg6xO4XpUGZQNxcHgfMXVwA

Summary
To help developers reduce friction in Secure Payment Confirmation flows, we are removing the user activation requirement. Spam and clickjacking mitigations are put in place to mitigate security and privacy risks with this change (see design doc).

Blink componentBlink>Payments

TAG reviewNone

TAG review statusNot applicable

Risks

Interoperability and CompatibilityGecko: No signal

WebKit: No signal

Have we asked for a signal? Are they shipping this feature?

They have not shipped Secure Payment Confirmation as a whole, so we don't have signals for this incremental change. We have open standards positions issues for Gecko (mozilla/standards-positions/issues/570) and WebKit (WebKit/standards-positions/issues/30).

Web developers: We've received direct feedback from web developers that they would be able to reduce friction in their redirect-based payment flows if SPC could be initiated without a user activation.

Other signals:

WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None

Debuggability
Existing debuggability for SPC; e.g. a specific SecurityError is thrown when an activationless show() call is not allowed (see this test page).

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?No, only features where SPC is already shipped: Windows, Mac, Android

Is this feature fully tested by web-platform-tests?Yes (to be updated with implementation)

Flag name--enable-blink-features=SecurePaymentConfirmationActivationlessShow

Requires code in //chrome?False

Estimated milestonesShipping on desktop114Shipping on Android114

Anticipated spec changes
https://github.com/w3c/secure-payment-confirmation/pull/236

Link to entry on the Chrome Platform Statushttps://chromestatus.com/feature/5197059260416000

This intent message was generated by Chrome Platform Status.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Rick Byers

unread,

Apr 25, 2023, 10:15:40 AM4/25/23

to Nick Burris, blink-dev, Yoav Weiss, Stephen McGruer, Kaan Icer

This is a small behavior change to a shipped feature with no explicit API exposure. LGTM1

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6fd8eabf-2e7e-4af3-94cf-57fe5a555483n%40chromium.org.

Yoav Weiss

unread,

Apr 25, 2023, 11:06:35 AM4/25/23

to Rick Byers, Nick Burris, blink-dev, Stephen McGruer, Kaan Icer

LGTM2

Mike Taylor

unread,

Apr 25, 2023, 11:30:44 AM4/25/23

to Yoav Weiss, Rick Byers, Nick Burris, blink-dev, Stephen McGruer, Kaan Icer

LGTM3

LGTM2

DebuggabilityExisting debuggability for SPC; e.g. a specific SecurityError is thrown when an activationless show() call is not allowed (see this test page).

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?No, only features where SPC is already shipped: Windows, Mac, Android

Is this feature fully tested by web-platform-tests?Yes (to be updated with implementation)

Flag name--enable-blink-features=SecurePaymentConfirmationActivationlessShow

Requires code in //chrome?False

Estimated milestonesShipping on desktop114Shipping on Android114

Anticipated spec changes
https://github.com/w3c/secure-payment-confirmation/pull/236

Link to entry on the Chrome Platform Statushttps://chromestatus.com/feature/5197059260416000

This intent message was generated by Chrome Platform Status.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADvKJHN9Rp4gYYZJ4Jx9iwMiA3jS%2BagC_7L5dWkEGrWo8OLX4w%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6fd8eabf-2e7e-4af3-94cf-57fe5a555483n%40chromium.org.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfW3R7Ax-OYG7nu9%3DBOW6n5vBM6QFzTYdtMuxvZWJW8%3DKA%40mail.gmail.com.

Nick Burris

unread,

Apr 27, 2023, 4:01:27 PM4/27/23

to blink-dev, Mike Taylor, Nick Burris, blink-dev, Stephen McGruer, Kaan Icer, Yoav Weiss, Rick Byers

Thanks all! FYI we are going to push this back a milestone to target M115 to spend more time investigating improved spam mitigations (see design doc security section).

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6fd8eabf-2e7e-4af3-94cf-57fe5a555483n%40chromium.org.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfW3R7Ax-OYG7nu9%3DBOW6n5vBM6QFzTYdtMuxvZWJW8%3DKA%40mail.gmail.com.

Reply all

Reply to author

Forward