|
632 | 632 | Promise<undefined> abort();
|
633 | 633 | [NewObject]
|
634 | 634 | Promise<boolean> canMakePayment();
|
635 |
| - [NewObject] |
636 |
| - Promise<boolean> hasEnrolledInstrument(); |
637 | 635 |
|
638 | 636 | readonly attribute DOMString id;
|
639 | 637 | readonly attribute PaymentAddress? shippingAddress;
|
|
1367 | 1365 | <h2>
|
1368 | 1366 | <dfn>canMakePayment()dfn> method
|
1369 | 1367 | h2>
|
1370 |
| - <div class="note" title="canMakePayment() vs hasEnrolledInstrument()"> |
| 1368 | + <div class="note" title="canMakePayment()"> |
1371 | 1369 | <p>
|
1372 | 1370 | The {{PaymentRequest/canMakePayment()}} method can be used by the
|
1373 | 1371 | developer to determine if the <a>user agenta> has support for one
|
|
1377 | 1375 | <p>
|
1378 | 1376 | A true result from {{PaymentRequest/canMakePayment()}} does not
|
1379 | 1377 | imply that the user has a provisioned instrument ready for payment.
|
1380 |
| - For that, use {{PaymentRequest/hasEnrolledInstrument()}} instead. |
1381 | 1378 | p>
|
1382 | 1379 | div>
|
1383 | 1380 | <p data-tests="payment-request-canmakepayment-method.https.html">
|
1384 | 1381 | The {{PaymentRequest/canMakePayment()}} method MUST run the <a>can
|
1385 |
| - make payment algorithma> with |checkForInstruments| set to false. |
1386 |
| - p> |
1387 |
| - section> |
1388 |
| - <section data-dfn-for="PaymentRequest"> |
1389 |
| - <h2> |
1390 |
| - <dfn>hasEnrolledInstrument()dfn> method |
1391 |
| - h2> |
1392 |
| - <p class="note"> |
1393 |
| - The {{PaymentRequest/hasEnrolledInstrument()}} method can be used by |
1394 |
| - the developer to determine if the <a>user agenta> has support for |
1395 |
| - one of the desired <a>payment methodsa> and if a <a>payment |
1396 |
| - handlera> has an instrument ready for payment. See |
1397 |
| - [[[#canmakepayment-protections]]]. |
1398 |
| - p> |
1399 |
| - <p data-tests= |
1400 |
| - "payment-request-hasenrolledinstrument-method.https.html"> |
1401 |
| - The {{PaymentRequest/hasEnrolledInstrument()}} method MUST run the |
1402 |
| - <a>can make payment algorithma> with |checkForInstruments| set to |
1403 |
| - true. |
| 1382 | + make payment algorithma>. |
1404 | 1383 | p>
|
1405 | 1384 | section>
|
1406 | 1385 | <section data-dfn-for="PaymentRequest">
|
|
3945 | 3924 | <p>
|
3946 | 3925 | The <dfn>can make payment algorithmdfn> checks if the <a>user
|
3947 | 3926 | agenta> supports making payment with the <a>payment methodsa>
|
3948 |
| - with which the {{PaymentRequest}} was constructed. It takes a boolean |
3949 |
| - argument, |checkForInstruments|, that specifies whether the algorithm |
3950 |
| - checks for existence of enrolled instruments in addition to |
3951 |
| - supporting a <a>payment methoda>. |
| 3927 | + with which the {{PaymentRequest}} was constructed. |
3952 | 3928 | p>
|
3953 | 3929 | <ol class="algorithm">
|
3954 | 3930 | <li>Let |request:PaymentRequest| be the {{PaymentRequest}} object on
|
|
3958 | 3934 | "[=state/created=]", then return <a>a promise rejected witha> an
|
3959 | 3935 | {{"InvalidStateError"}} {{DOMException}}.
|
3960 | 3936 | li>
|
3961 |
| - <li data-tests= |
3962 |
| - "payment-request-hasenrolledinstrument-method-protection.https.html, payment-request-canmakepayment-method-protection.https.html"> |
3963 |
| - Optionally, at the <a>top-level browsing contexta>'s discretion, |
3964 |
| - return <a>a promise rejected witha> a {{"NotAllowedError"}} |
3965 |
| - {{DOMException}}. |
| 3937 | + <li data-tests="">Optionally, at the <a>top-level browsing |
| 3938 | + contexta>'s discretion, return <a>a promise rejected witha> a |
| 3939 | + {{"NotAllowedError"}} {{DOMException}}. |
3966 | 3940 | <p class="note">
|
3967 | 3941 | This allows user agents to apply heuristics to detect and prevent
|
3968 | 3942 | abuse of the calling method for fingerprinting purposes, such as
|
|
3985 | 3959 | <li>Let |identifier| be the first element in the |paymentMethod|
|
3986 | 3960 | tuple.
|
3987 | 3961 | li>
|
3988 |
| - <li>If |checkForInstruments| is false, and the user agent has a |
3989 |
| - <a>payment handlera> that supports handling payment requests |
3990 |
| - for |identifier|, resolve |hasHandlerPromise| with true and |
3991 |
| - terminate this algorithm. |
3992 |
| - li> |
3993 |
| - <li>If |checkForInstruments| is true: |
3994 |
| - <ol> |
3995 |
| - <li>Let |data| be the result of <a data-cite= |
3996 |
| - "ECMASCRIPT#sec-json.parse">JSON-parsinga> the second |
3997 |
| - element in the |paymentMethod| tuple. |
3998 |
| - li> |
3999 |
| - <li>If required by the specification that defines the |
4000 |
| - |identifier|, then [=converted to an IDL value|convert=] |
4001 |
| - |data| to an IDL value. Otherwise, [=converted to an IDL |
4002 |
| - value|convert=] to {{object}}. |
4003 |
| - li> |
4004 |
| - <li>Let |handlers| be a <a>lista> of registered <a>payment |
4005 |
| - handlersa> that are authorized and can handle payment |
4006 |
| - request for |identifier|. |
4007 |
| - li> |
4008 |
| - <li>For each |handler| in |handlers|: |
4009 |
| - <ol> |
4010 |
| - <li>Let |hasEnrolledInstrument| be the result of running |
4011 |
| - |handler|'s <a>steps to check if a payment can be |
4012 |
| - madea> with |data|. |
4013 |
| - li> |
4014 |
| - <li>If |hasEnrolledInstrument| is true, resolve |
4015 |
| - |hasHandlerPromise| with true and terminate this |
4016 |
| - algorithm. |
4017 |
| - li> |
4018 |
| - ol> |
4019 |
| - li> |
4020 |
| - ol> |
| 3962 | + <li>If the user agent has a <a>payment handlera> that supports |
| 3963 | + handling payment requests for |identifier|, resolve |
| 3964 | + |hasHandlerPromise| with true and terminate this algorithm. |
4021 | 3965 | li>
|
4022 | 3966 | ol>
|
4023 | 3967 | li>
|
|
4963 | 4907 | <code>canMakePayment()code> protections
|
4964 | 4908 | h2>
|
4965 | 4909 | <p>
|
4966 |
| - The {{PaymentRequest/canMakePayment()}} and |
4967 |
| - {{PaymentRequest/hasEnrolledInstrument()}} methods have the potential |
4968 |
| - to expose user information that could be abused for fingerprinting |
4969 |
| - purposes. User agents are expected to protect the user from abuse of |
4970 |
| - the method. For example, user agents can reduce user fingerprinting |
4971 |
| - by: |
| 4910 | + The {{PaymentRequest/canMakePayment()}} method provides feature |
| 4911 | + detection for different payment methods. It may become a |
| 4912 | + fingerprinting vector if in the future, a large number of payment |
| 4913 | + methods are available. purposes. User agents are expected to protect |
| 4914 | + the user from abuse of the method. For example, user agents can |
| 4915 | + reduce user fingerprinting by: |
4972 | 4916 | p>
|
4973 | 4917 | <ul>
|
4974 |
| - <li>Allowing the user to configure the user agent to turn off |
4975 |
| - {{PaymentRequest/canMakePayment()}} and |
4976 |
| - {{PaymentRequest/hasEnrolledInstrument()}}, which would return <a>a |
4977 |
| - promise rejected witha> a {{"NotAllowedError"}} {{DOMException}}. |
4978 |
| - li> |
4979 | 4918 | <li>Rate-limiting the frequency of calls with different parameters.
|
4980 | 4919 | li>
|
4981 | 4920 | ul>
|
|
0 commit comments