Intent to prototype: Payment Handler API

176 views
Skip to first unread message

Dan Glastonbury

unread,
Jul 12, 2020, 8:55:23 PM7/12/20
to dev-pl...@lists.mozilla.org
Summary:

The Payment Handler API allows web applications to register themselves as
capable of "handling payments". That is, they can handle payment requests
coming from the Payment Request API. Traditionally, handling payment
requests has been limited to OS specific payment handlers, and only to
particular browsers (Apple Pay on Safari, Google Pay for Chrome, for
instance). This new API has the potential to disrupt the payments
ecosystems, while also providing some much needed security to prevent
credit card fraud in the payments space.

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1465682

Standard: https://w3c.github.io/payment-handler/

Platform coverage: Desktop initially, Android later.

Preference: dom.payments.handler.enabled (plus potentially others at
dom.payments.*)

DevTools bug: none yet. We're still working out the details of what we
might actually want.

Other browsers:

* Chrome shipped since version 68

web-platform-tests:
https://github.com/web-platform-tests/wpt/tree/master/payment-handler

Secure contexts: Yes

Is this feature enabled by default in sandboxed iframes?

No. We are thinking that it's only available to top-level browsing
contexts, otherwise controlled by permission policy.

Link to standards-positions discussion:

https://mozilla.github.io/standards-positions/#payment-handler (worth
prototyping)

How stable is the spec: some parts are stable (e.g., some of the events) …
other parts, not so much (e.g., payment instruments database).

Security & Privacy Concerns: a bunch of ongoing work is happening in this
space together with our colleagues at Google, as well as with the financial
industry at large. We hope that to see all that work reflected back in the
spec as we do our prototyping and find issues.

mcac...@mozilla.com

unread,
Aug 5, 2020, 11:24:36 PM8/5/20
to
After some initial prototyping, we've decided to put the Payment Handler API on hold for now. We are instead focusing on continuing to improve credit card autofill in Firefox.

We plan to continue working with the W3C's Web payments working group to see if we can come up with something better to enable secure payments on the web.
Reply all
Reply to author
Forward
0 new messages