| CARVIEW |
Select Language
HTTP/2 200
date: Thu, 09 Oct 2025 00:08:54 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
referrer-policy: no-referrer-when-downgrade
server-timing: pull_request_layout-fragment;desc="pull_request_layout fragment";dur=294.524957,conversation_content-fragment;desc="conversation_content fragment";dur=954.931256,conversation_sidebar-fragment;desc="conversation_sidebar fragment";dur=276.330581,nginx;desc="NGINX";dur=1.190702,glb;desc="GLB";dur=142.510627
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
x-content-type-options: nosniff
x-frame-options: deny
x-voltron-version: 266d7a9
x-xss-protection: 0
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=CRzs0CPL5k%2FL5W4v06bHELTeIe7xyb6unKsbm%2FsoR4CKG9tOROJp83ycNdzPU6fDNFF%2BKxsJGwXCYYP6QbuNLGxtbcX8uZuN07WiBAwO2uwyh0CrBBpXuTscanb2fR1%2BqJTI1yRhxRClx808k1wEf%2B85W1VNFjS89c%2Bfgiibg35LSTEuDpLD6f%2F341JfaafZxvqWZ9ixBw%2BSuSPq8OfNS4JSibe7R5KMYKErkYXd7uIowlN%2FBs22wAyLYba9qA%2BCj2ei6nusYcDyaXsnDESAbQ%3D%3D--yYFzcEKQKqJDOmEp--44eAAqYLe7tfDNYjDC9DIQ%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.327252245.1759968532; Path=/; Domain=github.com; Expires=Fri, 09 Oct 2026 00:08:52 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Fri, 09 Oct 2026 00:08:52 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: D124:3F3FA7:1B924B:26D180:68E6FD14
Update transient activation to match WebKit by marcoscaceres · Pull Request #961 · w3c/payment-request · GitHub
Skip to content
Navigation Menu
{{ message }}
-
Notifications
You must be signed in to change notification settings - Fork 137
Update transient activation to match WebKit #961
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rsolomakhin
approved these changes
Aug 12, 2021
ianbjacobs
approved these changes
Aug 12, 2021
stephenmcgruer
approved these changes
Aug 12, 2021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried to find some prior art here on whether to throw a NotAllowed or SecurityError, and came up short 😂 . What I did find:
- webusb and webbluetooth throw a SecurityError
- One other spec I found threw NotAllowedError, but most other specs just quietly return or ignore calls/etc when there is no activation.
- We used to throw SecurityError, then switched to NotAllowedError without documented reason that I could find.
So... SecurityError LGTM? Maybe something the web should standardize on ;)
I've asked for this too elsewhere, but wasn't successful... as you point out, it's somewhat specific to the API (and if the API throws/rejects or can get away with doing nothing). |
|
Could someone please also approve the tests? 🙏 web-platform-tests/wpt#30006 |
|
@stephenmcgruer, filed Chrome bug https://bugs.chromium.org/p/chromium/issues/detail?id=1239453 Happy to send a patch, but please see my email as I'm not sure how to enable the right flag to trigger that code path. |
stephenmcgruer
added a commit
to web-platform-tests/wpt
that referenced
this pull request
Aug 13, 2021
marcoscaceres
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Aug 13, 2021
pull bot
pushed a commit
to FreddyZeng/chromium
that referenced
this pull request
Aug 14, 2021
The error thrown when user activation is missing was recently changed from NotAllowedError to SecurityError: w3c/payment-request#961 This change has no effect on shipped Chrome yet as we currently don't throw at all for missing activation - the logic is hidden behind the capability delegation flag. Tested via unittest and via visiting https://wpt.live/payment-request/show-consume-activation.https.html with --enable-features=CapabilityDelegationPaymentRequest set. Bug: 1239453 Change-Id: I14f3874397468ca5da617afa930ffbbe254f1607 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3092912 Reviewed-by: Mustaq Ahmed <mustaq@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org> Commit-Queue: Stephen McGruer <smcgruer@chromium.org> Cr-Commit-Position: refs/heads/master@{#911813}
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Aug 15, 2021
…or cases for PaymentRequest.show(), a=testonly Automatic update from web-platform-tests Fix some NotAllowedError --> SecurityError cases for PaymentRequest.show() (#30023) See w3c/payment-request#961 -- wpt-commits: ee2d179bcea6e4a697e89a99a245e4571bd65097 wpt-pr: 30023
jamienicol
pushed a commit
to jamienicol/gecko
that referenced
this pull request
Aug 20, 2021
…or cases for PaymentRequest.show(), a=testonly Automatic update from web-platform-tests Fix some NotAllowedError --> SecurityError cases for PaymentRequest.show() (#30023) See w3c/payment-request#961 -- wpt-commits: ee2d179bcea6e4a697e89a99a245e4571bd65097 wpt-pr: 30023
i3roly
pushed a commit
to i3roly/firefox-dynasty
that referenced
this pull request
Jun 1, 2024
…or cases for PaymentRequest.show(), a=testonly Automatic update from web-platform-tests Fix some NotAllowedError --> SecurityError cases for PaymentRequest.show() (#30023) See w3c/payment-request#961 -- wpt-commits: ee2d179bcea6e4a697e89a99a245e4571bd65097 wpt-pr: 30023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
None yet
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
You can’t perform that action at this time.
Update the spec to match what WebKit does. We can then update Chrome to match.
The following tasks have been completed:
Implementation commitment:
Optional, impact on Payment Handler spec?
none
Preview | Diff