In V2, the spec should integrate with the Feature Policy spec. We need to investigate what this means and/or reverse engineer the Web Platform Tests that Google has submitted around this.
Soooooo.... we (Firefox) are about to land support for Feature Policy.
As part of that, we support:
document.policy.allowsFeature('payment'). allow attribute.@aestes, I see from caniuse.com that Safari supports the allow attribute at least.
@rsolomakhin, what's the status on the Chrome side? I know you guys did a bunch of work on feature policy early on.
It could be an easy win here for 1.1 given that we are somewhat aligned on implementation.
So, for integration, all we do is add:
https://github.com/WICG/feature-policy/blob/master/features.md#payment
To our spec. Imma cc'ing @clelland in case I missed something and for any additional guidance.
I believe it's fully implemented in Chrome, but I've pinged the code owner to provide a more nuanced and accurate answer as well.
cc @loonybear
Re what's the status on the Chrome side?
Hope that helps.
@marcoscaceres, that sounds about right; the JS is a bit more complex than that[1], but the details are in the spec.
The only other piece I can think of that's specifically relevant for payment request is supporting both feature policy and the original <iframe allowpaymentrequest> mechanism. There is some text in HTML, but the best description of what to do is in the Feature Policy spec under Additional attributes to support legacy features and the Process feature policy attributes algorithm.
[1] There's also a document.policy.allowedFeatures array which should include "payment" when allowed, and a bit of subtlety around HTMLIFrameElement.policy to avoid cross-origin info leaks
Re https://github.com/w3c/payment-request/issues/600#issuecomment-421393998,
I realized that we can't rename the header field to Allow, since that's already a thing.
@clelland, thanks! Ok, so it looks like all we would need is a non-normative section in Payment Request pointing to those sections of Feature Policy.
I think there might even be WPTests already for testing that FP and allowpaymentrequest work correctly, so we might be all good.
Marking this as Editorial, and setting it as CR exit target - as I think it might be nice to ship with this in V1. There won't be a normative dependency on FP, but if other vendors implement FP, they get the right behavior 馃
@marcoscaceres, just a note that Feature Policy was published today as a FPWD:
https://www.w3.org/TR/2019/WD-feature-policy-1-20190416/
Excellent, thanks for the update.