I believe that validating the data during construction is actually correct (or at least, useful) as it is trivial checking (e.g., If data["credentialIds"] is empty, return false.). There is actually a PaymentRequest issue tracking adding a concept for this - https://github.com/w3c/payment-request/pull/976, for which I have a PR (https://github.com/w3c/payment-request/pull/977) that could address it, but it needs a little TLC.
I would like us to try to get that PR landed, and then update the SPC spec to do some of the validation during construction.
Currently, the spec does all its data validation in the steps to check if a payment can be made, which are called during show() processing (step 16.6.1). This is at odds with the actual implementation in Chrome, which validates a lot of the data during construction, not
show()
(e.g., see https://wpt.fyi/results/secure-payment-confirmation/constructor.https.html?label=master&label=experimental&aligned).I believe that validating the data during construction is actually correct (or at least, useful) as it is trivial checking (e.g.,
If data["credentialIds"] is empty, return false.
). There is actually a PaymentRequest issue tracking adding a concept for this - https://github.com/w3c/payment-request/pull/976, for which I have a PR (https://github.com/w3c/payment-request/pull/977) that could address it, but it needs a little TLC.I would like us to try to get that PR landed, and then update the SPC spec to do some of the validation during construction.