[Webkit-unassigned] [Bug 229406] Add "payment" permissions policy

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 14 17:15:46 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=229406

--- Comment #15 from Marcos Caceres <marcos at marcosc.com> ---
(In reply to Brad from comment #14)
> Hi glad to see progress here! This doesn't seem to resolve this duplicate
> issue: https://bugs.webkit.org/show_bug.cgi?id=226345.
> 
> The issue is that
> https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/Modules/applepay/
> PaymentSession.cpp?rev=281885#L66 still requires the origins of ancestors
> frames to match. This seems reasonable to remove now that payments policy is
> enforced (and is not available to third parties by default).

Yes, that's definitely true. I'm guessing that's a product decision and not a bug? 

It would be great to get input from Apple Pay folks on the above, as there may be technical or security issues around the same origin enforcement.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210915/49d7c357/attachment.htm>


More information about the webkit-unassigned mailing list