Add pref to disable Android Payment API

VERIFIED FIXED in Firefox 23

Status

()

defect
P3
normal
VERIFIED FIXED
6 years ago
6 years ago

People

(Reporter: cpeterson, Assigned: cpeterson)

Tracking

23 Branch
Firefox 24
All
Android
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox22 unaffected, firefox23+ fixed, firefox24+ verified)

Details

Attachments

(1 attachment)

Assignee

Description

6 years ago
Would this new pref be checked from dom/payment/Payment.jsm?
Note there is a buildtime pref to do this (we may need to hook it up to our component...) There are also some runtime prefs that we could just yank. They don't "disable" the api, but they would cause it to find not available providers and just bail.

http://mxr.mozilla.org/mozilla-central/source/mobile/android/app/mobile.js#732
We have MOZ_PAY for enabling/disabling mozPay at build time.

(In reply to Chris Peterson (:cpeterson) from comment #0)
> Would this new pref be checked from dom/payment/Payment.jsm?

For a runtime pref, I would just do the check in the child at https://mxr.mozilla.org/mozilla-central/source/dom/payment/Payment.js#79 and return null there if needed.
Priority: -- → P3
do we need to create a pref for this?

what's the likelihood someone invokes payments?
if they do, as there's no pay provider connected, what's the impact?
(In reply to Caitlin Galimidi from comment #3)
> do we need to create a pref for this?

I'm guessing the motivation for this bug is we've implemented support for the payments API, but it isn't ready for general consumption on release/beta channels. Given the design of the API, we actually don't need an explicit pref to disable the API probably, but we do need to pull the marketplace payment prefs out from beta/release. Otherwise, the marketplace payment provider will be exposed on a beta/release channel for use on Firefox for Android - both inside and outside of apps before being ready for general use.

> 
> what's the likelihood someone invokes payments?

Same likelihood that someone would decide to use marketplace to buy an app or make an in-app payment, except on Firefox for Android.

> if they do, as there's no pay provider connected, what's the impact?

To my understanding, there is a payment provider implemented in the prefs right now, which is the same provider we have on Firefox OS. The impact is the general risk of exposing a non-ready feature to the public.

I think the right solution here is just to disable the payment provider preferences on Beta/Release until we know that both the DOM API & marketplace payment provider is ready for general consumption on Firefox for Android.
Then again, given that we have a marketplace payment provider as the only supported provider on Firefox for Android, the marketplace could easily work around this problem without client side changes by preventing usage on Firefox for Android for certain Firefox versions.
Assignee

Comment 6

6 years ago
* Caitlin: My concern was that we have not tested the Marketplace payment provider with Android clients. I want to avoid any server-side surprises if Android clients start sending payment requests. :) Would the Marketplace team like us to disable this API on Android until you are ready? Who should I contact for more info? Thanks!

* Wes: Would we need to do anything more than #ifdef our payment provider prefs? Please see the attached patch.
Attachment #759496 - Flags: feedback?(wjohnston)
Flags: needinfo?(cgalimidi)
I think what you are doing here in the patch is fine. You are disabling the payment provider preferences on Beta/Release. They'll still be enabled on Aurora/Nightly for testing.

I agree with your concerns as well - especially from having past experience with marketing getting upset about times we've enabled apps-related features on Beta/Release earlier than they wanted. In one case, we even had to push an additional release for such a situation like this.
Caitlin asked me to comment. I agree with the patch. If Marketplace will be responsible for detecting Android based on user agent then it could get hairy. A device pref sounds better to me.
Flags: needinfo?(cgalimidi)
Assignee

Comment 9

6 years ago
Comment on attachment 759496 [details] [diff] [review]
Disable Marketplace payment provider in Beta and Release channels.patch

Kumar: thanks for your feedback. I'll ask wesj to review the patch. We'll need to uplift it to Aurora 23, too.
Attachment #759496 - Flags: feedback?(wjohnston) → review?(wjohnston)
Comment on attachment 759496 [details] [diff] [review]
Disable Marketplace payment provider in Beta and Release channels.patch

Review of attachment 759496 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good. For reference, I think this will cause us to bail here:

http://mxr.mozilla.org/mozilla-central/source/dom/payment/Payment.jsm#102
Attachment #759496 - Flags: review?(wjohnston) → review+
https://hg.mozilla.org/mozilla-central/rev/4a854c013d42
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 24
Assignee

Comment 13

6 years ago
Comment on attachment 759496 [details] [diff] [review]
Disable Marketplace payment provider in Beta and Release channels.patch

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Bug 813756
User impact if declined: Payment WebAPI may be enabled on Fx23 before Marketplace payment server has been tested.
Testing completed (on m-c, etc.): 
Risk to taking this patch (and alternatives if risky): Low risk. The Payment WebAPI is not public yet, so no web content should be calling it yet. This patch is simply to prevent the API from talking to the payment server.
String or IDL/UUID changes made by this patch: None
Attachment #759496 - Flags: approval-mozilla-aurora?
Attachment #759496 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.