Is there no way to use credit card autofill within a brower_action default_popup?

[te...@bundle.delivery]

Hello,

I'm having trouble getting rid of the following error tooltip:

"Automatic credit card filling is disabled because this form does not use a secure connection."

However, my form is served via HTTPS.

My Chrome extension is structured as follows:

1. My manifest.json declares a popup.html for the browser_action:
   
   "browser_action": {

   "default_popup": "popup.html"

   },
   

   "content_security_policy": "(snipped for brevity); frame-src https://my-example-site.com;"
2. My popup.html only has an iframe in it:
   
   <html>

   <body>

   <iframe src="https://my-example-site.com"></iframe>

   </body>

   </html>

https://example-site.com has a valid certificate, no mixed content, and no errors or warnings in the console.

It contains a credit card form. Unfortunately, I cannot turn autocomplete off for it (it's Stripe, so it's locked behind another https iframe).

Another user ran into a similar issue on StackOverflow.com. The conclusion may be that the top-level popup itself is a page that cannot be considered HTTPS.

That being said, is there no way to use credit card autofill within a browser action's default popup?

And if not, is there any way to disable this warning for every user of the extension?

[John Kaufmann]

I'm having a similar issue. Is there any way around this? This is a pretty pivotal change in experience.

[sim...@chromium.org]

"This is a pretty pivotal change in experience" did this behavior change recently? This sounds like a bug, and a not great one at that. Have either of you file an issue on crbug.com?

Simeon

Developer Advocate

[Paweł Moczulski]

Offtop: what kind of payment provider do you use?

[Bundle Team]

@Simeon: Not aware how long this issue has been occurring for others, but from that similar StackOverflow question I posted, it's at least since April of last year. Happy to post a bug if this isn't intended behavior. I'm guessing it would require extension popups to be treated as secure pages?

@Paweł Moczulski: we're using Stripe.

[John Kaufmann]

Bump. Played around a little more, no solution in sight.

[PhistucK]

No need to bump, just use crbug.com to report the issue.

☆PhistucK

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/a7f40da2-39e5-4e4a-91dc-66b3faa9941a%40chromium.org.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.

[Bundle Team]

Bug has been reported here: https://bugs.chromium.org/p/chromium/issues/detail?id=923013

Thanks everyone!

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.