New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
topLevelOrigin is a weird name #259
Comments
Innovation? ;-) For a bit of context, we want to distinguish between the origin of the top-level context and that of the sub-iframe within that called |
Could you give an example of why this is a necessary capability for payment handlers? For example, do the basic-card or ApplePay payment handlers change their behavior based on top-level origin vs. PaymentRequest origin? |
Google Pay whitelists the origins that are allowed to use it. (You can get on the whitelist by registering for a merchant account.) When working with large partners, it's simpler to whitelist a single
If the |
Right, I understand the motivation for paymentRequestOrigin. The motivation for topLevelOrigin is less clear; I guess that's the "other partners". It seems strange to design a system that changes its behavior in that way based on who is embedding you... |
Shall we mark |
I dunno, I'm not an expert on writing payment handlers so I'm not sure how strongly my skepticism should be weighted. But starting conservative and gathering concrete customers before finalizing a feature makes sense to me as a general principle? |
@anthonyvd: Could you solicit feedback on this in your payment handler break-out session at the next face-to-face? |
@domenic if a I think there are two pieces of information that are important to the payment handler (and possibly the user of the payment handler):
Sometimes these are the same but sometimes they are different. This design accommodates the case when they are different. |
Some more context... The PH needs to know:
For some use cases simply requiring the origin will not be enough. If we can safely say that knowing the origin is not enough for any of these use cases then maybe we can take this out? |
Chatted about this at the F2F, it looks like this is just a naming issue rather than a use case issue. The group agrees that topOrigin is more appropriate. |
* s/topLevelOrigin/topOrigin per #259 (comment)
I don't think we've ever used "top level" in a public API before.
We do have
window.top
though. MaybetopOrigin
is a bit better.Is there any way of referring to this by its actual function? For example its description says "This attribute is a string that indicates the origin of the top level payee web page." Could
payeeOrigin
work? (If not, that description is probably not great.)The text was updated successfully, but these errors were encountered: