Closed ianbjacobs closed 1 year ago
So the content here generally looks ok, but I don't think we should merge this yet. The specification does not yet allow for lack of user activation - we haven't sent nor landed a PR for https://github.com/w3c/secure-payment-confirmation/issues/216 . I think we should do that first and only then should we land this explainer section (and we can link into the spec for details).
WDYT?
Agreed; I've added a "blocked" label so that we hold on this until 216 has landed.
Noting this relates to pull request #236
Per TAG review [1], adding a note to Security Considerations about the click-jacking risk and how the browser mitigates it.
[1] https://github.com/w3ctag/design-reviews/issues/802#issuecomment-1422225875