Skip to content

Commit 5966e82

Browse files
Integrate with Feature Policy (#822)
1 parent da1bf5f commit 5966e82

File tree

1 file changed

+44
-9
lines changed

1 file changed

+44
-9
lines changed

index.html

Lines changed: 44 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -617,13 +617,11 @@

617617
act as follows:
618618
p>
619619
<ol data-link-for="PaymentDetailsBase" class="algorithm">
620-
<li data-tests=
621-
"allowpaymentrequest/active-document-cross-origin.https.sub.html, allowpaymentrequest/active-document-same-origin.https.html, allowpaymentrequest/removing-allowpaymentrequest.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest-timing.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest.https.sub.html">
622-
If the <a>current settings objecta>'s <a data-cite=
620+
<li>If the <a>current settings objecta>'s <a data-cite=
623621
"HTML#responsible-document">responsible documenta> is not
624-
<a>allowed to usea> the feature indicated by attribute name
625-
<a>allowpaymentrequesta>, then <a>throwa> a
626-
"<a>SecurityErrora>" <a>DOMExceptiona>.
622+
<a>allowed to usea> the "<a data-lt="payment-feature">paymenta>"
623+
feature, then <a>throwa> a "<a>SecurityErrora>"
624+
<a>DOMExceptiona>.
627625
li>
628626
<li>Let <var>serializedMethodDatavar> be an empty list.
629627
li>
@@ -3475,12 +3473,49 @@

34753473
<h2>
34763474
<code>PaymentRequestcode> and <code>iframecode> elements
34773475
h2>
3478-
<p data-tests=
3479-
"allowpaymentrequest/active-document-cross-origin.https.sub.html, allowpaymentrequest/active-document-same-origin.https.html, allowpaymentrequest/allowpaymentrequest-attribute-cross-origin-bc-containers.https.html, allowpaymentrequest/allowpaymentrequest-attribute-same-origin-bc-containers.https.html, allowpaymentrequest/basic.https.html, allowpaymentrequest/no-attribute-cross-origin-bc-containers.https.html, allowpaymentrequest/no-attribute-same-origin-bc-containers.https.html, allowpaymentrequest/removing-allowpaymentrequest.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest-timing.https.sub.html, allowpaymentrequest/setting-allowpaymentrequest.https.sub.html">
3476+
<p>
34803477
To indicate that a cross-origin <a>iframea> is allowed to invoke the
34813478
payment request API, the <a>allowpaymentrequesta> attribute can be
3482-
specified on the <a>iframea> element.
3479+
specified on the <a>iframea> element. See <a href=
3480+
"#feature-policy">a> for details of how <a>allowpaymentrequesta>
3481+
and <a data-cite="feature-policy">Feature Policya> interact.
3482+
p>
3483+
section>
3484+
<section id="feature-policy">
3485+
<h2>
3486+
Feature Policy integration
3487+
h2>
3488+
<p>
3489+
This specification defines a policy-controlled feature identified by
3490+
the string "<code><dfn data-lt="payment-feature" data-nodefault=
3491+
"">paymentdfn>code>". Its <a href=
3492+
"feature-policy#default-allowlist">default allowlista> is
3493+
'<code>selfcode>'.
34833494
p>
3495+
<div class="note">
3496+
<p>
3497+
A <a data-cite="html#concept-document">documenta>’s <a data-cite=
3498+
"html/multipage/dom.html#concept-document-feature-policy">feature
3499+
policya> determines whether any content in that document is allowed
3500+
to construct <a>PaymentRequesta> instances. If disabled in any
3501+
document, no content in the document will be <a>allowed to usea>
3502+
the <a>PaymentRequesta> constructor (trying to create an instance
3503+
will throw).
3504+
p>
3505+
<p>
3506+
The <a>allowpaymentrequesta> attribute of the HTML <a>iframea>
3507+
element affects the <a data-cite=
3508+
"feature-policy#container-policy">container policya> for any
3509+
document nested in that iframe. Unless overridden by the
3510+
<code><a data-cite=
3511+
"html/multipage/iframe-embed-object.html#attr-iframe-allow">allowa>code>
3512+
attribute, setting <a>allowpaymentrequesta> on an iframe is
3513+
equivalent to <code><iframe allow="fullscreen *">code>, as
3514+
described in <a href=
3515+
"feature-policy#iframe-allowpaymentrequest-attribute">Feature Policy
3516+
§iframe-allowpaymentrequest-attributea>.
3517+
p>
3518+
div>
34843519
section>
34853520
<section>
34863521
<h2>

0 commit comments

Comments
 (0)