Payment Request doesn't require a user action to show UI

[it-ony]

Opening popup windows, playing audio or showing the native browser share dialog requires always a user action. Not so for the payment request api.

See the following example where the popup is blocked, but the native UI for the payment request is shown.

<!doctype html>
<html lang="en">
<head>
</head>
<body>
    <script>
        // blocked, as a user action is missing
        window.open("https://google.com");

        setTimeout(function() {
            var paymentRequest = new PaymentRequest([{
                supportedMethods: ["basic-card"],
                data: {
                    supportedNetworks: ['visa', 'mastercard', 'amex', 'diners', 'discover', 'jcb']    // TODO: generate this from the available payment types of the api
                }
            }], {
                total: {
                    label: "Total",
                    amount: {
                        currency: "USD",
                        value: 20
                    }
                }
            });

            paymentRequest.show();

        }, 100);

    </script>

</body>
</html>

[rsolomakhin]

The user action is required to approve the payment. cc @zkoch

[it-ony]

True, but it could be used to annoy the user.

For every other dialog, browsers are now coming up with ideas to not annoy the user with unexpected behavior. E.g. for the beforeunload dialog, the user needed to have interacted with the web page before this can be shown. Alert dialogs have a checkbox to prevent the dialog in the future, etc...

Just figured out that this dialog, doesn't prevent the user from navigating. Which is an advantage as the user can navigate simply away from the side.

Which user action is needed, if the payment option is android pay?

[rsolomakhin]

Approving Android Pay payment requires the user to either tap "Continue" and optionally scan their fingerprint in the Android Pay UI, depending on their device and settings.