To help developers reduce friction in Payment Request flows, we are removing the user activation requirement for PaymentRequest.show(). Spam and clickjacking mitigations are put in place to mitigate security and privacy risks with this change (see design doc).
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Existing debuggability for PaymentRequest; e.g. a specific SecurityError is thrown when an activationless show() call is not allowed.
DevTrial on desktop | 117 |
DevTrial on Android | 117 |
Contact emails
nbu...@chromium.org, smcg...@chromium.org, ic...@chromium.orgSpecification
https://github.com/w3c/payment-request/pull/1009
Design docs
https://docs.google.com/document/d/16DHqqPWe5oM6Rucnn6Y1llhJ-DoEeLtTWFldJFg4iqA/edit#heading=h.w5782xqp7ab4Summary
To help developers reduce friction in Payment Request flows, we are removing the user activation requirement for PaymentRequest.show(). Spam and clickjacking mitigations are put in place to mitigate security and privacy risks with this change (see design doc).
Blink component
Blink>PaymentsTAG review
NoneTAG review status
Not applicableRisks
Interoperability and Compatibility
Gecko: No signal
WebKit: No signal
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADvKJHOuA%2BEMEWO7heQJeZkr%2BU%2BtndoVuXenCeC7xQ_ENXy9RQ%40mail.gmail.com.
Hi Yoav, thanks for the questions!> The PR seems to be a draft. What's preventing us from landing it? Was this discussed in some public forum?We intend to land the PR before shipping this feature. It has been discussed broadly in the Web Payments WG, but I expect to raise the specific PR for discussion as well. (Though note that at the current point, I believe Chrome is the only active browser vendor in that WG. Apple have stated interest in rejoining it, but are waiting for an in-progress charter change first.)> I'm having a hard time imagining the use case for activation-less payments. Is there a concrete example you can share?Fair question, and I apologize - we should have motivated this more clearly externally. The core use-cases are based around redirect payment flows, which are fairly common in payments. Two coarse examples we have heard are:1. A merchant-aggregator page showing products from many different merchants. If a user decides to buy something with a given payment method, the aggregator page redirects to the specific merchant. The merchant then wants to trigger payment, without requiring the user to click again on their chosen payment method.2. A redirect-based payment flow, where the payment method wants to trigger a natively installed experience (via Payment Handler) without the user having to click again. (E.g., user is on merchant.example, chooses to pay with FooPay. The merchant site redirects to foopay.example. FooPay then wants to trigger its natively installed app on the phone, if available, but doesn't want to require the user to click again.We are cognizant that this may be a risky change, and have consulted internal security folks on it in detail. From that, there are mitigations laid out in the design doc, and we are also intending to monitor for potential misuse.
--
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY_7ZCW3f-uEv%3DcsRY_qtmOzJGujoXVcXfvC7BiCusUfhg%40mail.gmail.com.
LGTM3
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Maev1jVfi8f4ZAt57x0nZF2OdpCQBEu9qbiNbm%2BLfvx0wA%40mail.gmail.com.