Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify the displayItems are not shared with payment handler #626

Closed
marcoscaceres opened this issue Sep 19, 2017 · 9 comments
Closed

Clarify the displayItems are not shared with payment handler #626

marcoscaceres opened this issue Sep 19, 2017 · 9 comments
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.

Comments

@marcoscaceres
Copy link
Member

People are concerned about their purchases being sent to third-party payment handlers (via displayItems) .

In the privacy section, we should make it crystal clear that these don't get sent to third-party payment handlers. We might also want to tighten text around that in a normative sense.

@marcoscaceres marcoscaceres added the privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response. label Sep 19, 2017
@ianbjacobs
Copy link
Collaborator

It is already the case that Payment Handler API does not include displayItems. Do we need to say more in Payment Request API?

@marcoscaceres
Copy link
Member Author

It's more about things like native apps acting as payment handlers (not really concerned about tech we control at w3c). It's unclear what happens there.

@rsolomakhin
Copy link
Collaborator

rsolomakhin commented Sep 19, 2017

Android payment apps don't get display items.

"Is ready to pay" params:

  • methodNames
  • methodData
  • topLevelOrigin
  • topLevelCertificateChain
  • paymentRequestOrigin

Payment params:

  • methodNames
  • methodData
  • topLevelOrigin
  • topLevelCertificateChain
  • paymentRequestOrigin
  • total
  • modifiers (including only supportedMethods, data, and total)
  • paymentRequestId

@marcoscaceres
Copy link
Member Author

That's awesome to hear and see. Note that I want to add the note because I know it's going to keep coming up as a question (someone already asked me about this on the twitters). I want developers and users to feel at ease with the API (hence adding a note). I'm not worried that anyone is actually leaking this info out of the browser.

@markalanrichards
Copy link

@marcoscaceres thanks 👍
After the chat on Twitter I thought I'd pop on here to raise a PR as suggested and realised you were way ahead of me

@marcoscaceres
Copy link
Member Author

marcoscaceres commented Sep 20, 2017

@markalanrichards, no problem. Sorry, was about to ping you on twitter to let you know I'd filed this. I'll ping you for review once I draft somethings... or if you are feeling up to it, and want to propose some text, that's also very welcomed!

@marcoscaceres
Copy link
Member Author

Ah, just saw you sent a pull request also. Excellent. Will make comments there.

@cyberphone
Copy link

You may run into issues here. Showing line items in native apps is going to be a standard feature. Sending them to the bank is an entirely different thing.

marcoscaceres pushed a commit that referenced this issue Jan 22, 2018
@marcoscaceres
Copy link
Member Author

Closed via #670

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
privacy-tracker Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.
Projects
None yet
Development

No branches or pull requests

5 participants