Summary: The Payment Handler API allows web applications to register themselves as capable of "handling payments". That is, they can handle payment requests coming from the Payment Request API. Traditionally, handling payment requests has been limited to OS specific payment handlers, and only to particular browsers (Apple Pay on Safari, Google Pay for Chrome, for instance). This new API has the potential to disrupt the payments ecosystems, while also providing some much needed security to prevent credit card fraud in the payments space.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1465682 Standard: https://w3c.github.io/payment-handler/ Platform coverage: Desktop initially, Android later. Preference: dom.payments.handler.enabled (plus potentially others at dom.payments.*) DevTools bug: none yet. We're still working out the details of what we might actually want. Other browsers: * Chrome shipped since version 68 web-platform-tests: https://github.com/web-platform-tests/wpt/tree/master/payment-handler Secure contexts: Yes Is this feature enabled by default in sandboxed iframes? No. We are thinking that it's only available to top-level browsing contexts, otherwise controlled by permission policy. Link to standards-positions discussion: https://mozilla.github.io/standards-positions/#payment-handler (worth prototyping) How stable is the spec: some parts are stable (e.g., some of the events) … other parts, not so much (e.g., payment instruments database). Security & Privacy Concerns: a bunch of ongoing work is happening in this space together with our colleagues at Google, as well as with the financial industry at large. We hope that to see all that work reflected back in the spec as we do our prototyping and find issues. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform