New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is paypment request gated behind https? #658
Comments
|
@jdalton, as @romandev stated, the API is only exposed in "SecureContext". You can read about what that means (but effectively, yes - only HTTPS, no |
Thanks! |
FYI, Chrome considers the following to be secure contexts, which allow PaymentRequest per spec:
One interesting edge case is invalid HTTPS certificate. In this case, Chrome shows an interstitial alerting the user to dangers of proceeding. If the user elects to proceed, the context is considered secure, so Chrome allows PaymentRequest to match the spec, but the API is neutered:
You can observe this behavior on https://self-signed.badssl.com/input/web-payment/ for example. |
Hi @marcoscaceres and @rsolomakhin, Did you answer the question differently from one another? It seems Chrome would allow use of PR API with "file:" but @marcoscaceres seems to suggest Firefox would not. Am I reading that correctly? Whatever the outcome, I'd like to add to the FAQ [1]. Ian |
@ianbjacobs: The spec allows |
MDN documentation [1] says: "Locally delivered files such as http://localhost and file:// paths are considered to have been delivered securely." Ian [1] https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts |
Is it spec'ed whether the payment request API works on pages running on the
file:///
?Example: A dev opens a page locally (not on localhost) to test the API.
The text was updated successfully, but these errors were encountered: