Closed ianbjacobs closed 3 years ago
From the browser side, we (Chromium) are likely to require the payments
policy (https://w3c.github.io/payment-request/#permissions-policy) or some equivalent for any cross-origin iframe case.
Additionally, outside of the iframe specific question, we will also expect SPC to consume a user activation (e.g. a click), or a capability delegation token if/when that spec matures.
@stephenmcgruer,
Thank you for the comment on consuming a user activation. Here are three scenarios:
The third scenario is the "Frictionless Checkout" user journey of the scope document. If I understand from your comment, you don't think you would support this use case because there is no user activation. Is that correct?
The "Buy" button click is a user activation, so whether or not we support the 'Frictionless Checkout' flow wouldn't fall under that concern. I haven't thought through the full privacy/user-expectation implications of a completely frictionless flow yet though :D.
@ianbjacobs - I don't think there's much else to discuss here currently, so I'm going to close this issue. Please feel free to reopen if you think there's still something to be addressed.
Raised by @Goosth