Add showOptOut option to spec #215
Conversation
|
(cc @jcemer as an fyi) |
|
+@ianbjacobs to review as well. Ian - I expect we will want to talk about this one in the WPWG? |
|
@stephenmcgruer, I will put this on the 8 December agenda. |
|
Some day I will learn to use GitHub. In the meantime, here were the comments I thought I left:
|
|
Thanks! See updates to the privacy considerations section.
In our implementation we actually do not leak this information, since we also show the opt out option on the no-credential-found UX which already exists to mitigate credential probing attacks. I've added text to the privacy considerations section on this, good catch! |
Adds chromedriver support and web platform test for opt-out for SPC. The WPT passes locally with SPC opt out enabled (currently disabled behind a flag). There's a small change in the SPC MVC logic, since opt-out can now happen by calling SPCController::OnOptOut directly, which resulted in the dialog view calling back to OnCancel when the dialog closes since it didn't know opt-out was programmatically invoked. This is fixed by having the controller set a bit on the model which the view checks. Spec PR: w3c/secure-payment-confirmation#215 Bug: 1385865 Change-Id: I777e92b5110785415de68ef9f0497905598e4897
|
Thanks again! As mentioned we'll leave this open until discussion at WPWG 8 December meeting. |
Adds chromedriver support and web platform test for opt-out for SPC. The WPT passes locally with SPC opt out enabled (currently disabled behind a flag). There's a small change in the SPC MVC logic, since opt-out can now happen by calling SPCController::OnOptOut directly, which resulted in the dialog view calling back to OnCancel when the dialog closes since it didn't know opt-out was programmatically invoked. This is fixed by having the controller set a bit on the model which the view checks. Spec PR: w3c/secure-payment-confirmation#215 Bug: 1385865 Change-Id: I777e92b5110785415de68ef9f0497905598e4897 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4030688 Commit-Queue: Nick Burris <[email protected]> Reviewed-by: Stephen McGruer <[email protected]> Reviewed-by: Andrey Kosyakov <[email protected]> Cr-Commit-Position: refs/heads/main@{#1073462}
Adds chromedriver support and web platform test for opt-out for SPC. The WPT passes locally with SPC opt out enabled (currently disabled behind a flag). There's a small change in the SPC MVC logic, since opt-out can now happen by calling SPCController::OnOptOut directly, which resulted in the dialog view calling back to OnCancel when the dialog closes since it didn't know opt-out was programmatically invoked. This is fixed by having the controller set a bit on the model which the view checks. Spec PR: w3c/secure-payment-confirmation#215 Bug: 1385865 Change-Id: I777e92b5110785415de68ef9f0497905598e4897 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4030688 Commit-Queue: Nick Burris <[email protected]> Reviewed-by: Stephen McGruer <[email protected]> Reviewed-by: Andrey Kosyakov <[email protected]> Cr-Commit-Position: refs/heads/main@{#1073462}
Adds chromedriver support and web platform test for opt-out for SPC. The WPT passes locally with SPC opt out enabled (currently disabled behind a flag). There's a small change in the SPC MVC logic, since opt-out can now happen by calling SPCController::OnOptOut directly, which resulted in the dialog view calling back to OnCancel when the dialog closes since it didn't know opt-out was programmatically invoked. This is fixed by having the controller set a bit on the model which the view checks. Spec PR: w3c/secure-payment-confirmation#215 Bug: 1385865 Change-Id: I777e92b5110785415de68ef9f0497905598e4897 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4030688 Commit-Queue: Nick Burris <[email protected]> Reviewed-by: Stephen McGruer <[email protected]> Reviewed-by: Andrey Kosyakov <[email protected]> Cr-Commit-Position: refs/heads/main@{#1073462}
|
FYI I made a small change to update the naming convention in the TransactionAutomationMode enum to camelCase, per a recommendation in this comment which I'll follow up with an implementation change. |
…t out WPT, a=testonly Automatic update from web-platform-tests [SPC] Add Secure Payment Confirmation opt out WPT Adds chromedriver support and web platform test for opt-out for SPC. The WPT passes locally with SPC opt out enabled (currently disabled behind a flag). There's a small change in the SPC MVC logic, since opt-out can now happen by calling SPCController::OnOptOut directly, which resulted in the dialog view calling back to OnCancel when the dialog closes since it didn't know opt-out was programmatically invoked. This is fixed by having the controller set a bit on the model which the view checks. Spec PR: w3c/secure-payment-confirmation#215 Bug: 1385865 Change-Id: I777e92b5110785415de68ef9f0497905598e4897 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4030688 Commit-Queue: Nick Burris <[email protected]> Reviewed-by: Stephen McGruer <[email protected]> Reviewed-by: Andrey Kosyakov <[email protected]> Cr-Commit-Position: refs/heads/main@{#1073462} -- wpt-commits: 29d4f9513ad84c09f54199ffc157a0f9ce7d1e90 wpt-pr: 37012
…t out WPT, a=testonly Automatic update from web-platform-tests [SPC] Add Secure Payment Confirmation opt out WPT Adds chromedriver support and web platform test for opt-out for SPC. The WPT passes locally with SPC opt out enabled (currently disabled behind a flag). There's a small change in the SPC MVC logic, since opt-out can now happen by calling SPCController::OnOptOut directly, which resulted in the dialog view calling back to OnCancel when the dialog closes since it didn't know opt-out was programmatically invoked. This is fixed by having the controller set a bit on the model which the view checks. Spec PR: w3c/secure-payment-confirmation#215 Bug: 1385865 Change-Id: I777e92b5110785415de68ef9f0497905598e4897 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4030688 Commit-Queue: Nick Burris <[email protected]> Reviewed-by: Stephen McGruer <[email protected]> Reviewed-by: Andrey Kosyakov <[email protected]> Cr-Commit-Position: refs/heads/main@{#1073462} -- wpt-commits: 29d4f9513ad84c09f54199ffc157a0f9ce7d1e90 wpt-pr: 37012
|
@nickburris - fyi that this PR should also add a reference to the newly added WPT test (see c096e3b where I landed it as |
|
This was discussed today at the WPWG (minutes), and a resolution was taken to land it (once updated for the WPT test comment). We also heard interest in exploring clearer cancellation states for SPC, which we intend to discuss internally - but consider separate from this PR. |
|
Sorry about the force push mess, one day I will get rebasing a fork right...
Done |
stephenmcgruer
force-pushed
the
optout
branch
from
161c849 to
78e2553
Compare
No problem! I also just rebased and forced-pushed it again, to pick up a fix I landed in |
|
@ianbjacobs - I think we're good to merge here, but will wait on you to confirm before I squash-merge it :) |
SHA: c24f564 Reason: push, by stephenmcgruer Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
SHA: c24f564 Reason: push, by stephenmcgruer Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This PR adds spec text for a new showOptOut option in the SecurePaymentConfirmationRequest API. See the original proposal and discussion in #172. This spec change reflects the prototype currently implemented behind a flag in Chrome, which is available via origin trial and used in this test page.
The OptOutError mentioned in this change is being added to WebIDL in whatwg/webidl#1231.
Opt-out web platform test: web-platform-tests/wpt#37012
Preview | Diff