[Webkit-unassigned] [Bug 229406] Add "payment" permissions policy

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 14 17:15:46 PDT 2021


--- Comment #15 from Marcos Caceres <marcos at marcosc.com> ---
(In reply to Brad from comment #14)
> Hi glad to see progress here! This doesn't seem to resolve this duplicate
> issue: https://bugs.webkit.org/show_bug.cgi?id=226345.
> The issue is that
> https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/Modules/applepay/
> PaymentSession.cpp?rev=281885#L66 still requires the origins of ancestors
> frames to match. This seems reasonable to remove now that payments policy is
> enforced (and is not available to third parties by default).

Yes, that's definitely true. I'm guessing that's a product decision and not a bug? 

It would be great to get input from Apple Pay folks on the above, as there may be technical or security issues around the same origin enforcement.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210915/49d7c357/attachment.htm>

More information about the webkit-unassigned mailing list