Closed Bug 1318988 Opened 9 years ago Closed 8 years ago

Implement `allowPaymentRequest` on iframe

Categories

(Core :: DOM: Web Payments, defect, P3)

Product:
Core
Component:
DOM: Web Payments
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla56
Tracking Flags:
Tracking Status
firefox56 --- fixed

People

(Reporter: marcosc, Assigned: alchen)

References

(Blocks 2 open bugs,
URL
)

Details

(Keywords: dev-doc-complete)

Attachments

(1 file, 3 obsolete files)

Implement allowPaymentRequest on iframe. r=baku
12.03 KB, patch
alchen
: review+
Details | Diff | Splinter Review
Controls if an iframe can access the PaymentRequest API.
No longer depends on: 1318987
Mapping the Trello_P1 priority to bugzilla P3.
Priority: -- → P3
Bug 1318988 has added 'allowPaymentRequest' on iframe, but permission check in PaymentRequest constructor is still required.
(In reply to Ben Tian [:btian] from comment #3) > Bug 1318988 has added 'allowPaymentRequest' on iframe, but permission check > in PaymentRequest constructor is still required. Should be bug 1331899.
Component: DOM → DOM: Web Payments
Assignee: nobody → alchen
Attached patch WIP patch (obsolete) — Splinter Review
We can pass a few web-platform-test by this patch. In this patch, I also add a mochitest.
With this patch, We can pass the following web-platform-tests. https://w3c-test.org/payment-request/allowpaymentrequest/ -> active-document-cross-origin.https.sub.html -> active-document-same-origin.https.html -> allowpaymentrequest-attribute-cross-origin-bc-containers.https.html -> allowpaymentrequest-attribute-same-origin-bc-containers.https.html -> no-attribute-cross-origin-bc-containers.https.html -> no-attribute-same-origin-bc-containers.https.html -> basic.https.html
Attachment #8886064 - Flags: review?(amarchesini)
Comment on attachment 8886064 [details] [diff] [review] Implement allowPaymentRequest on iframe Review of attachment 8886064 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/payments/PaymentRequest.cpp @@ +238,5 @@ > + // If the node has the same origin as the parent node, the feature is allowed-to-use. > + // Otherwise, only allow-to-use this feature when the browsing context container is > + // an iframe with "allowpaymentrequest" attribute. > + nsCOMPtr<nsIDocument> doc = window->GetExtantDoc(); > + nsINode* node = static_cast<nsINode*>(doc); node can be null here. In this case return NS_ERROR_UNEXPECTED.
Attachment #8886064 - Flags: review?(amarchesini) → review+
Keywords: checkin-needed
Attachment #8887302 - Attachment is obsolete: true
Attachment #8887310 - Flags: review+
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/2911ec8bebec Implement allowPaymentRequest on iframe. r=baku
Keywords: checkin-needed
Blocks: 1382120
https://hg.mozilla.org/mozilla-central/rev/2911ec8bebec
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox56: --- → fixed
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
Usually we don't mark features as available in iframes; we are more likely to mark a feature if it is explicitly not available in an iframe. However, I appreciate that this feature's iframe availability is rather more critical than most (3rd party checkout apps, etc.), so I've put a note here about it: https://developer.mozilla.org/en-US/docs/Web/API/Payment_Request_API#Payment_Request_Concepts_and_Usage Do you think anything more is needed?
Keywords: dev-doc-neededdev-doc-complete
(In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #12) > Usually we don't mark features as available in iframes; we are more likely > to mark a feature if it is explicitly not available in an iframe. > > However, I appreciate that this feature's iframe availability is rather more > critical than most (3rd party checkout apps, etc.), so I've put a note here > about it: > > https://developer.mozilla.org/en-US/docs/Web/API/ > Payment_Request_API#Payment_Request_Concepts_and_Usage > > Do you think anything more is needed? I think you should add the note as the link below. It is more accurate. https://www.w3.org/TR/payment-request/#paymentrequest-and-iframe-elements Thanks for your help.
Flags: needinfo?(cmills)
(In reply to Alphan Chen [:alchen] from comment #13) > (In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #12) > > Usually we don't mark features as available in iframes; we are more likely > > to mark a feature if it is explicitly not available in an iframe. > > > > However, I appreciate that this feature's iframe availability is rather more > > critical than most (3rd party checkout apps, etc.), so I've put a note here > > about it: > > > > https://developer.mozilla.org/en-US/docs/Web/API/ > > Payment_Request_API#Payment_Request_Concepts_and_Usage > > > > Do you think anything more is needed? > > I think you should add the note as the link below. > It is more accurate. > https://www.w3.org/TR/payment-request/#paymentrequest-and-iframe-elements > > Thanks for your help. Ah, cool, thanks for the pointer. I've updated my note so it is accurate, and I've also added an entry to the <iframe> page to explain the allowpaymentrequest attribute. The equivalent DOM property is already documented: https://developer.mozilla.org/en-US/docs/Web/API/HTMLIFrameElement
Flags: needinfo?(cmills)
(In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #14) > > I've updated my note so it is accurate, and I've also added an entry to the > <iframe> page to explain the allowpaymentrequest attribute. > > The equivalent DOM property is already documented: > > https://developer.mozilla.org/en-US/docs/Web/API/HTMLIFrameElement There are some updates about this attribute. [Current Definition] To indicate that a "cross-origin" iframe is allowed to invoke the payment request API, the allowpaymentrequest attribute can be specified on the iframe element. The keyword is "cross-origin". If the iframe has the same origin, we don't need 'allowpaymentrequest' attribute to use the payment request API. So we still need some refinement here. Thanks.
Flags: needinfo?(cmills)
(In reply to Alphan Chen [:alchen] from comment #15) > (In reply to Chris Mills (Mozilla, MDN editor) [:cmills] from comment #14) > > > > I've updated my note so it is accurate, and I've also added an entry to the > > <iframe> page to explain the allowpaymentrequest attribute. > > > > The equivalent DOM property is already documented: > > > > https://developer.mozilla.org/en-US/docs/Web/API/HTMLIFrameElement > > There are some updates about this attribute. > > [Current Definition] > To indicate that a "cross-origin" iframe is allowed to invoke the payment > request API, the allowpaymentrequest attribute can be specified on the > iframe element. > > > The keyword is "cross-origin". > If the iframe has the same origin, we don't need 'allowpaymentrequest' > attribute to use the payment request API. > So we still need some refinement here. > Thanks. Ah, I missed that detail - thanks for pointing this out. I've made sure the cross-origin detail is made clear in all the relevant places: * https://developer.mozilla.org/en-US/docs/Web/API/Payment_Request_API#Payment_Request_Concepts_and_Usage * https://developer.mozilla.org/en-US/docs/Web/API/HTMLIFrameElement#Properties * https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#Attributes
Flags: needinfo?(cmills)
Whiteboard: [WP-MVP][M4]
Whiteboard: [WP-MVP][M4]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: