Skip to content

Commit

Permalink
Add canMakePayment() method (#380)
Browse files Browse the repository at this point in the history 
This closes #310, and closes #316 (which it is roughly based on), and closes #367 by intentionally allowing user agent leeway in restricting repeated calls to canMakePayment().
  • Loading branch information
@domenic @zkoch
domenic authored and zkoch committed Dec 14, 2016
1 parent da840bb commit 33edb3b
Showing 1 changed file with 72 additions and 0 deletions.
72 changes: 72 additions & 0 deletions index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,6 +205,7 @@ <h2>
interface PaymentRequest : EventTarget {
Promise&lt;PaymentResponse&gt; show();
Promise&lt;void&gt; abort();
Promise&lt;boolean&gt; canMakePayment();

readonly attribute PaymentAddress? shippingAddress;
readonly attribute DOMString? shippingOption;
Expand Down Expand Up @@ -610,6 +611,66 @@ <h2>
</li>
</ol>
</section>
<section data-dfn-for="PaymentRequest">
<h2>
<code>canMakePayment()</code> method
</h2>
<p>
The <dfn>canMakePayment</dfn> method can be used by the developer to
determine if the <a>PaymentRequest</a> object can be used to make a
payment, before they call <a data-lt="PaymentRequest.show">show</a>.
It returns a <a>Promise</a> that will be fulfilled with true if the
<a>user agent</a> supports any of the desired <a>payment methods</a>
supplied to the <a>PaymentRequest</a> constructor, and false if none
are supported. If the method is called too often, the user agent
might instead return a promise rejected with a
<a>QuotaExceededError</a>, at its discretion.
</p>
<p>
The <a data-lt="PaymentRequest.canMakePayment">canMakePayment</a>
method MUST act as follows:
</p>
<ol>
<li>Let <var>request</var> be the <a>PaymentRequest</a> object on
which the method was called.
</li>
<li>If <var>request</var>.<a>[[\state]]</a> is not <i>created</i>,
then return a promise rejected with an <a>InvalidStateError</a>.
</li>
<li>Optionally, at the <a>user agent</a>'s discretion, return a
promise rejected with a <a>QuotaExceededError</a>.
<p class="note">
This allows user agents to apply heuristics to detect and prevent
abuse of the <a data-lt=
"PaymentRequest.canMakePayment">canMakePayment</a> method for
fingerprinting purposes, such as creating <a>PaymentRequest</a>
objects with a variety of supported <a>payment methods</a> and
calling <a>canMakePayment</a> on them one after the other. For
example, a user agent may restrict the number of successful calls
that can be made based on the <a>top-level browsing context</a>
or the time period in which those calls were made.
</p>
</li>
<li>Let <var>promise</var> be a new <a>Promise</a>.
</li>
<li>Return <var>promise</var>, and perform the remaining steps <a>in
parallel</a>.
</li>
<li>For each <var>methodData</var> in
<var>request</var>.<a>[[\methodData]]</a>:
<ol>
<li>If <var>methodData</var>.<a data-lt=
"PaymentMethodData.supportedMethods">supportedMethods</a>
contains a <a>payment method identifier</a> of a <a>payment
method</a> that the <a>user agent</a> supports, resolve
<var>promise</var> with true, and abort this algorithm.
</li>
</ol>
</li>
<li>Resolve <var>promise</var> with false.
</li>
</ol>
</section>
<section>
<h2 id="state-transitions" class="informative">
State transitions
Expand Down Expand Up @@ -2231,6 +2292,17 @@ <h2>
The payment method was not supported
</td>
</tr>
<tr>
<td>
<dfn>QuotaExceededError</dfn>
</td>
<td>
The <a data-lt=
"PaymentRequest.canMakePayment">canMakePayment</a> method was
called too often according to the <a>user agent</a>'s
heuristics.
</td>
</tr>
<tr>
<td>
<dfn>SecurityError</dfn>
Expand Down

0 comments on commit 33edb3b

Please sign in to comment.