> Note that this approach requires us to standardize the JWT, whereas serving > the "UI" from the payment provider does not. That is definitely an added > protocol risk. I would love to standardize the JWT down the road, but its > easier and more extensible if we can punt on that initially. It also means we > are taking more of the localization and logic into the client.
Indeed. > Fernando, how long are these changes going to take? I am pretty concerned > about the schedule here. I'll do my best to have this changes ready for tonight, so it can be reviewed as soon as possible. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security