Add isSecurePaymentConfirmationAvailable API to spec #233
Conversation
There was a problem hiding this comment.
I think this is roughly fine as-is, but cc @ianbjacobs who may have an opinion.
Can you update the example in section 1.2.2 to: (1) use your const spcAvailable = ..., and to (2) remove or update the comment about canMakePayment ?
Actually, what this means for canMakePayment is a good question. Payment Request is notoriously vague about that method - the algorithm just says:
If the user agent has a [payment handler](https://w3c.github.io/payment-request/#dfn-payment-handler) that supports handling payment requests for identifier, resolve hasHandlerPromise with true and terminate this algorithm.
(Note, as always, that the Steps to check if a payment can be made concept is unrelated to canMakePayment and is actually part of show() -_-.)
So I think overall we should just remove the canMakePayment usage in example 1.2.2, and discourage use of canMakePayment for SPC, in preference for this static method?
|
Thanks @nickburris and @stephenmcgruer, I don't have a strong view; let's try to get input from users of the API. Having said that, I see some small advantages to isSecurePaymentConfirmationAvailable:
|
How/when do you want to gather this input?
Yes, I think we definitely want to make isSecurePaymentConfirmationAvailable the primary way to do availability-checking for the API. The question is more "what about canMakePayment" in such a world - should the SPC spec try to address it (either by defining it to do 'something' useful, TBD what, or by explicitly saying not to use it for SPC)? |
I have reached out to Stripe and Adyen colleagues for input. I'll also add this to our next meeting agenda.
While SPC is grounded in PR API I don't see a reason to try to get rid of canMakePayment. So would this make sense language for users of the API:
|
Ack. Note that we would like to ship this in M113 (branches March 23rd, for stable release in early May), so we are likely to pursue that anyway as we don't foresee any objections from the WG. If for some reason there is significant push-back at the remote meeting (week of March 27th), we should be fine to halt the brakes that close post-branch.
Yep, sgtm. Practically, what I believe this amounts to is:
Does that SGTY @ianbjacobs ? |
SGTM. As someone who didn't know this issue exist, it seems straightforward and simple as it gets. |
|
It's an open issue; sorry I was a bit blithe in my comment. |
Done. |
|
@ianbjacobs - PTAL as well. Let us know also if you want this to wait for a WPWG meeting to let anyone chime in, or if you're happy to see it merged after your review. |
|
Hi @nickburris, I've approved the request, but this should not be part of the document that we advance to Candidate Recommendation. I do expect us to fold in other pull requests that will be part of the CR (namely, #230, #234, #236, and #238). Should we block merging this for now? |
Yep; let's just leave this PR sitting until the first version of SPC gets to CR (assuming no significant bumps along the way). On the Chrome side, an open approved PR is sufficient for our launch processes :) |
|
[Chromium API owner hat on] Do y'all have an idea of how long you expect SPC to take to get to CR? While we can ship based on a PR if necessary, it's not ideal as it can contribute to confusion about what's ready to be implemented in other engines. If you expect it to take more than a month or so, could you consider creating a separate 'v2' branch or something which we can point to as the landed spec for this API? |
|
Hi @RByers, |
|
Thanks @ianbjacobs. Leaving this as an approved but unlanded PR for a few weeks seems like a reasonable pragmatic tradeoff to me. If it ends up taking more than a month or two, would you be open to the future/v2 branch idea? |
|
@RByers, yes, very open to a versioning / branch discussion. |
|
@ianbjacobs - now that we have a CR version branched (though not approved), what do you think of landing this PR? I don't expect us to have many more changes to bring into the CR branch, and if we do we can cherry-pick them individually from main as needed. |
|
@stephenmcgruer, |
|
Sure, sounds good to me - if you can take the task to land this once the CR is published, SGTM. Thanks! :) |
SHA: 200fb61 Reason: push, by ianbjacobs Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
SHA: 200fb61 Reason: push, by ianbjacobs Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
SHA: 200fb61 Reason: push, by ianbjacobs Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This adds spec text for an API for developers to more easily check whether SPC is available. Fixes #81. One question is whether the spec should further clarify what it means for SPC to be available, but I'm not sure how we can say that without being too implementation specific.
Preview | Diff