[Webkit-unassigned] [Bug 264379] REGRESSION (Safari 17.1): Apple Pay Cross-origin frame cancels and cannot complete payment
bugzilla-daemon at webkit.org
Mon Nov 13 17:06:54 PST 2023
https://bugs.webkit.org/show_bug.cgi?id=264379
Abrar Rahman Protyasha <a_protyasha at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |a_protyasha at apple.com
--- Comment #9 from Abrar Rahman Protyasha <a_protyasha at apple.com> ---
Hi jwoody2014 at yahoo.com, thanks for filing the report. Nothing of note has changed in this area between iOS 17.0 and iOS 17.1.
From some of our local testing, we think this is behaving as expected. The host in the merchant session (`domainName`) needs to match the host of the originating URL WebKit set (which is the top document).
Cross-origin iframe support requires the merchant session to be for the top-level host, not the iframe. If we don’t do that then all the Apple Pay payments for your website get reported as “<payment-provider-iframe-url>” which erodes security measures to identify problematic sites.
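The host-matching rule from comment #9, shown as an added example that is not part of the original message and is not WebKit or Apple code: a payment provider running in a cross-origin iframe picks the top-level host for the merchant session and checks a returned session's `domainName` before using it. The function names, the allow-list, and the sample hosts are assumptions, as is the way the integration learns the top-level URL.

```javascript
// Added example with hypothetical helper names and constructed sample hosts.

// Merchant hosts the provider has registered for Apple Pay (constructed data).
const REGISTERED_MERCHANT_HOSTS = new Set(["shop.example", "store.example"]);

// Normalise a URL or bare host to a lowercase hostname without port or
// trailing dot, so "https://Shop.Example:8443/cart" compares as "shop.example".
function hostOf(value) {
  const text = String(value).trim();
  const url = new URL(text.includes("://") ? text : `https://${text}`);
  return url.hostname.toLowerCase().replace(/\.$/, "");
}

// Host the merchant session must be requested for: always the top-level
// document's host, and only if it is a merchant domain we know about.
function sessionHostFor(topDocumentUrl) {
  const top = hostOf(topDocumentUrl);
  if (!REGISTERED_MERCHANT_HOSTS.has(top)) {
    throw new Error(`top-level host ${top} is not a registered merchant domain`);
  }
  return top;
}

// Pre-flight check on a merchant session object before it is handed to
// Apple Pay. `session.domainName` is the field named in the comment above.
function checkMerchantSession(session, topDocumentUrl, frameUrl) {
  const top = hostOf(topDocumentUrl);
  const frame = hostOf(frameUrl);
  const sessionHost = hostOf(session.domainName);
  if (sessionHost === top) {
    return { ok: true, reason: "matches top document" };
  }
  if (sessionHost === frame) {
    // The failure mode in this bug: the session was issued for the iframe.
    return { ok: false, reason: "session issued for iframe host" };
  }
  return { ok: false, reason: "session host matches neither" };
}
```
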