Contact emailsnbur...@chromium.org, smcgr...@chromium.org, i...@chromium.org
Specificationhttps://github.com/w3c/payment-request/pull/1009 Design docs https://docs.google.com/document/d/16DHqqPWe5oM6Rucnn6Y1llhJ-DoEeLtTWFldJFg4iqA/edit#heading=h.w5782xqp7ab4 Summary To help developers reduce friction in Payment Request flows, we are removing the user activation requirement for PaymentRequest.show(). Spam and clickjacking mitigations are put in place to mitigate security and privacy risks with this change (see design doc <https://docs.google.com/document/d/16DHqqPWe5oM6Rucnn6Y1llhJ-DoEeLtTWFldJFg4iqA/edit#heading=h.9tic5lqm5god> ). Blink componentBlink>Payments <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPayments> TAG reviewNone TAG review statusNot applicable Risks Interoperability and Compatibility*Gecko*: No signal *WebKit*: No signal *Web developers*: We've received direct feedback from web developers that they would be able to reduce friction in their redirect-based payment flows if PaymentRequest.show() could be initiated without a user activation. *Other signals*: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability Existing debuggability for PaymentRequest; e.g. a specific SecurityError is thrown when an activationless show() call is not allowed. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?Yes Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?Yes Flag name--enable-blink-features=PaymentRequestActivationlessShow Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1454204 Estimated milestones DevTrial on desktop 117 DevTrial on Android 117 Anticipated spec changes https://github.com/w3c/payment-request/pull/1009 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/4879115349393408 This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADvKJHOuA%2BEMEWO7heQJeZkr%2BU%2BtndoVuXenCeC7xQ_ENXy9RQ%40mail.gmail.com.
