Limit MIME types of Payment Handler Navigations from Chrome 89

6 views

Skip to first unread message

Liquan (Max) Gu

unread,

Jan 20, 2021, 11:54:54 AM1/20/21

to payment...@chromium.org, paymen...@chromium.org, zouy...@google.com, wen...@google.com, jam...@google.com

Hi developers,

From version 89, Chrome will limit the web-based payment handler navigations to the following MIME types:

text/*
image/*
video/*
application/javascript
application/xml
application/json

Specifically, Chrome throttles these payment handler navigations by inspecting the response headers of these navigations. This applies to main frames and iframes. If the frame is navigating to a page whose MIME type is not in the above-mentioned list, this navigation will be blocked.

By protecting users from the vulnerabilities of the lesser maintained MIME types, the change will make payment handlers safer to use. We anticipate that the allow list should satisfy a majority of needs. If you find other MIME types necessary for payment handlers, please advise paymen...@chromium.org.

Thanks,

Max

Reply all

Reply to author

Forward

0 new messages