878327 - Add pref to disable Android Payment API

Status: VERIFIED FIXED

(Firefox for Android Graveyard :: Web Apps (PWAs), defect, P3)

Description

[Chris Peterson [:cpeterson]]

Would this new pref be checked from dom/payment/Payment.jsm?

Comment 1

[Wesley Johnston (:wesj)]

Note there is a buildtime pref to do this (we may need to hook it up to our component...) There are also some runtime prefs that we could just yank. They don't "disable" the api, but they would cause it to find not available providers and just bail.

http://mxr.mozilla.org/mozilla-central/source/mobile/android/app/mobile.js#732

Comment 2

[Fernando Jiménez Moreno [:ferjm]]

We have MOZ_PAY for enabling/disabling mozPay at build time.

(In reply to Chris Peterson (:cpeterson) from comment #0)
> Would this new pref be checked from dom/payment/Payment.jsm?

For a runtime pref, I would just do the check in the child at https://mxr.mozilla.org/mozilla-central/source/dom/payment/Payment.js#79 and return null there if needed.

Comment 3

[Caitlin Galimidi [:c8o]]

do we need to create a pref for this?

what's the likelihood someone invokes payments?
if they do, as there's no pay provider connected, what's the impact?

Comment 4

[Jason Smith [:jsmith]]

(In reply to Caitlin Galimidi from comment #3)
> do we need to create a pref for this?

I'm guessing the motivation for this bug is we've implemented support for the payments API, but it isn't ready for general consumption on release/beta channels. Given the design of the API, we actually don't need an explicit pref to disable the API probably, but we do need to pull the marketplace payment prefs out from beta/release. Otherwise, the marketplace payment provider will be exposed on a beta/release channel for use on Firefox for Android - both inside and outside of apps before being ready for general use.

> 
> what's the likelihood someone invokes payments?

Same likelihood that someone would decide to use marketplace to buy an app or make an in-app payment, except on Firefox for Android.

> if they do, as there's no pay provider connected, what's the impact?

To my understanding, there is a payment provider implemented in the prefs right now, which is the same provider we have on Firefox OS. The impact is the general risk of exposing a non-ready feature to the public.

I think the right solution here is just to disable the payment provider preferences on Beta/Release until we know that both the DOM API & marketplace payment provider is ready for general consumption on Firefox for Android.

Comment 5

[Jason Smith [:jsmith]]

Then again, given that we have a marketplace payment provider as the only supported provider on Firefox for Android, the marketplace could easily work around this problem without client side changes by preventing usage on Firefox for Android for certain Firefox versions.

Comment 6

[Chris Peterson [:cpeterson]]

Attachment: Disable Marketplace payment provider in Beta and Release channels.patch

* Caitlin: My concern was that we have not tested the Marketplace payment provider with Android clients. I want to avoid any server-side surprises if Android clients start sending payment requests. :) Would the Marketplace team like us to disable this API on Android until you are ready? Who should I contact for more info? Thanks!

* Wes: Would we need to do anything more than #ifdef our payment provider prefs? Please see the attached patch.

Comment 7

[Jason Smith [:jsmith]]

I think what you are doing here in the patch is fine. You are disabling the payment provider preferences on Beta/Release. They'll still be enabled on Aurora/Nightly for testing.

I agree with your concerns as well - especially from having past experience with marketing getting upset about times we've enabled apps-related features on Beta/Release earlier than they wanted. In one case, we even had to push an additional release for such a situation like this.

Comment 8

[Kumar McMillan [:kumar]]

Caitlin asked me to comment. I agree with the patch. If Marketplace will be responsible for detecting Android based on user agent then it could get hairy. A device pref sounds better to me.

Comment 9

[Chris Peterson [:cpeterson]]

Comment on attachment 759496 [details] [diff] [review]
Disable Marketplace payment provider in Beta and Release channels.patch

Kumar: thanks for your feedback. I'll ask wesj to review the patch. We'll need to uplift it to Aurora 23, too.

Comment 10

[Wesley Johnston (:wesj)]

Comment on attachment 759496 [details] [diff] [review]
Disable Marketplace payment provider in Beta and Release channels.patch

Review of attachment 759496 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good. For reference, I think this will cause us to bail here:

http://mxr.mozilla.org/mozilla-central/source/dom/payment/Payment.jsm#102

Comment 11

[Chris Peterson [:cpeterson]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/4a854c013d42

Comment 12

[Ed Morley [:emorley]]

https://hg.mozilla.org/mozilla-central/rev/4a854c013d42

Comment 13

[Chris Peterson [:cpeterson]]

Comment on attachment 759496 [details] [diff] [review]
Disable Marketplace payment provider in Beta and Release channels.patch

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Bug 813756
User impact if declined: Payment WebAPI may be enabled on Fx23 before Marketplace payment server has been tested.
Testing completed (on m-c, etc.): 
Risk to taking this patch (and alternatives if risky): Low risk. The Payment WebAPI is not public yet, so no web content should be calling it yet. This patch is simply to prevent the API from talking to the payment server.
String or IDL/UUID changes made by this patch: None

Comment 14

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-aurora/rev/c7512a9df9d3