Add allowpaymentrequest attribute for iframe support #268
Conversation
| </p> | ||
| <p> | ||
| The <a>HTMLIFrameElement</a> is extended with an <dfn><code>allowpaymentrequest</code></dfn> | ||
| content attribue. <a><code>allowpaymentrequest</code></a> is a <a>boolean attribute</a>. |
There was a problem hiding this comment.
This isn't really what we've discussed. Unless there was subsequent conversation outside of the issue, the proposal (which didn't have any disagreement) was to extend the already-defined "permissions" attribute with a new "payment" value.
|
@adamroach do you mean the sandbox attribute? allow-payment would be a sensible additional value for that attribute. A related question. Can a script in an iframe query its surrounding iframe element to determine if it has permission to do something? |
No, I mean the syntax demonstrated in this comment: #2 (comment) (where I also describe why Mozilla's security folks are not okay with using The conversation from there consisted of @zkoch calling the suggestion "great", and then (after consulting with his security team) pointing to the Feature Policy work, which currently defers to the Permission Delegation API -- see its examples section for a quick glance at how this works; but the syntax it shows is in line what I proposed. I understand that the Feature Policy document and the Permission Delegation document may be merged, but my understanding is that this is a document structure change with no protocol implications. As far as I know, that's the extent of the discussion on this topic, which is why I find the changes that were just merged in to be surprising. |
Fixes #2.