[Webkit-unassigned] [Bug 229406] Add "payment" permissions policy
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Aug 26 14:33:30 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=229406
--- Comment #5 from Devin Rousso <drousso at apple.com> ---
Comment on attachment 436180
--> https://bugs.webkit.org/attachment.cgi?id=436180
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=436180&action=review
> Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp:294
> + if (!isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::Payment, document, LogFeaturePolicyFailure::Yes))
Rather than doing this here, I wonder if this should be moved to `PaymentSession::canCreateSession` so that stuff like `ApplePaySession.canMakePayments` would also throw unless the `"payment"` feature policy is allowed. This would also cover someone trying to use the Apple Pay JS API <https://developer.apple.com/documentation/apple_pay_on_the_web/apple_pay_js_api>, which I'd imagine should also be covered by this.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210826/5a497a22/attachment.htm>
More information about the webkit-unassigned
mailing list