LGTM3
On 12/1/21 12:34 PM, Chris Harrelson wrote:
LGTM2
On Wed, Dec 1, 2021 at 9:33 AM Yoav Weiss <yoavwe...@chromium.org> wrote:
LGTM1 to deprecate in M98 and remove in M99, assuming no surprises
come up on the usage front.
On Wed, Dec 1, 2021 at 6:31 PM Stephen Mcgruer
<smcgr...@chromium.org> wrote:
To be clear; I think we have a good enough shot of that
remaining site fixing their code 'soon' (I expect O(weeks))
that we both:
1. Shouldn't do the removal till they have, and
2. Don't need to provide an alternative in the form of
capability delegation.
But the code change to at least start this deprecation would
have to land by December 9th (or we punt for 1.5 months),
hence why we're filing this ahead of them fixing their site :).
On Wed, 1 Dec 2021 at 12:22, Stephen Mcgruer
<smcgr...@chromium.org> wrote:
> Does the primary remaining site have fallback code, or
will it be broken?
Yes and no :). It doesn't have automatic fallback for the
specific payment method the user has selected (Google
Pay), but the user could then select one of the other
payment methods that the site supports (either a credit
card flow or I think PayPal IIRC).
On Wed, 1 Dec 2021 at 11:05, Yoav Weiss
<yoavwe...@chromium.org> wrote:
On Wed, Dec 1, 2021 at 4:43 PM Stephen Mcgruer
<smcgr...@chromium.org> wrote:
Contact emails
smcgr...@chromium.org
Specification
https://www.w3.org/TR/payment-request/#show-method
Summary
Allowing PaymentRequest.show() to be triggered
without a user activation could be abused by
malicious websites. To protect users, the spec was
changed to require user activation, and we are now
following through in the Chrome implementation.
Plan is to deprecate in M98 and remove in M99. We
may push the M99 date to M100 based on compat
risk; see below.
Blink component
Blink>Payments
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPayments>
TAG review
N/A - enforcement of feature from an
already-reviewed specification
TAG review status
Pending
Risks
Interoperability and Compatibility
Interoperability: no risk. Firefox has not shipped
PaymentRequest at all, whilst Safari's
implementation already requires user activation
for calling show(). Compatibility: the main risk.
If a website is calling PaymentRequest.show()
without a user activation today, it will stop
working. If that website doesn't have fallback
code to use another payments flow, it may lead to
a broken purchase experience for the user. Due to
this risk, we added a UseCounter,
kPaymentRequestShowWithoutGesture, which tracks
use of the feature. Although hits on the
UseCounter have reduced significantly since 2019*,
there is still non-zero usage which is growing
slowly over time. We believe the growth to be
related to the general increase of web payments,
rather than an expanded number of sites. To tackle
the remaining usage, we have performed a UKM
analysis, and identified the primary remaining
site. We are in contact with them, and expect them
to roll out a fix in the coming weeks - after
which we will revisit the numbers and this thread.
Does the primary remaining site have fallback code, or
will it be broken?
*
https://chromestatus.com/metrics/feature/timeline/popularity/2398
Gecko: In development
(https://bugzilla.mozilla.org/show_bug.cgi?id=1445138)
WebKit: Shipped/Shipping
(https://bugs.webkit.org/show_bug.cgi?id=179056)
Web developers: No signals
Other signals:
Debuggability
As we are treating this as a deprecation, we
intend to use the issues tab (as per the
checklist) to warn developers of the upcoming
removal. Once the support is removed, calling
show() will throw a SecurityError with a clear
error message.
Is this feature fully tested by
web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>?
Yes -
https://wpt.fyi/results/payment-request/show-consume-activation.https.html?label=experimental&label=master&aligned
<https://wpt.fyi/results/payment-request/show-consume-activation.https.html?label=experimental&label=master&aligned>
Requires code in //chrome?
False
Tracking bug
https://crbug.com/825270
Estimated milestones
Deprecate in M98, remove in M99 or M100 (compat
risk depending).
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5948593429020672
Links to previous Intent discussions
Intent to prototype:
https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/2PhPgk_k9a0/m/alO4yt_HBQAJ
Intent to Experiment:
https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/i6pAWsjU7zg/m/CzqgcGAXAwAJ
* This is a bit of a strange case, where we
initially believed that we needed Capability
Delegation to support deprecating this
feature. However, the partner who needed that
ability has instead solved their problem in a
different way. As such, we believe it safe to
require user activation for show() calls
*without* Capability Delegation being available.
This intent message was generated by Chrome
Platform Status
<https://www.chromestatus.com/> and hand edited by
smcgruer@.
--
You received this message because you are
subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving
emails from it, send an email to
blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Mae4RVpVxnjMS8oJ7WE7yOtAiqqa79%3D8v%2ByNf2XhCtHWgg%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADY3Mae4RVpVxnjMS8oJ7WE7yOtAiqqa79%3D8v%2ByNf2XhCtHWgg%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfU3ebwnoKvHPkXhQeSZ2mSfqgW_i_pXJVqEGaFjPJWWKA%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfU3ebwnoKvHPkXhQeSZ2mSfqgW_i_pXJVqEGaFjPJWWKA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw-19DXQBytn%2BUChj%3D5p9JrgrhMZYGxVDYgkv262ttDkoA%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw-19DXQBytn%2BUChj%3D5p9JrgrhMZYGxVDYgkv262ttDkoA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c5524e7e-8627-9142-434e-28100c0d19aa%40chromium.org.