Possible spec bug with allowpaymentrequest and creation of iframe

[zcorpan]

From https://bugs.chromium.org/p/chromium/issues/detail?id=819800#c6

Test: https://w3c-test.org/payment-request/allowpaymentrequest/setting-allowpaymentrequest-timing.https.sub.html

The timing in the test is as follows.

T0. The <iframe> is inserted into the document (line 29). The allowpaymentrequest flag is not set. See
https://html.spec.whatwg.org/#the-iframe-element:process-the-iframe-attributes
->
https://html.spec.whatwg.org/#creating-a-new-browsing-context
->
https://html.spec.whatwg.org/#set-the-allow*-flags (step 3, no-op)

T1. The 10ms timeout fires, which adds the allowpaymentrequest attribute, but does not change the flag (because there's no new navigation).

T2. The iframe 'load' fires when the resource has loaded (which is delayed 3 seconds, by ?pipe=trickle(d3), see https://wptserve.readthedocs.io/en/latest/pipes.html#trickle ). This sends the postMessage to the framed page (line 21).

T3. The framed page receives the message, and responds with the result of constructing PaymentRequest.

T4. onmessage is invoked, an exception is expected because the allowpaymentrequest flag has not been set since T0.

However, I realize now that the spec also runs "navigate" from inserting the iframe, which eventually reaches https://html.spec.whatwg.org/#read-html
->
https://html.spec.whatwg.org/#initialise-the-document-object
->
https://html.spec.whatwg.org/#set-the-allow*-flags

That would go between T1 and T2. :-/ Possible spec bug.

[domenic]

allowpaymentrequest is gone from the spec.