Skip to content

[SPC] Add test for SPC authentication in a hidden document#39507

Merged
stephenmcgruer merged 1 commit intomasterfrom
smcgruer/spc-disallow-in-background
Apr 13, 2023
Merged

[SPC] Add test for SPC authentication in a hidden document#39507
stephenmcgruer merged 1 commit intomasterfrom
smcgruer/spc-disallow-in-background

Conversation

@stephenmcgruer
Copy link
Contributor

@stephenmcgruer stephenmcgruer commented Apr 12, 2023

@wpt-pr-bot wpt-pr-bot requested a review from rsolomakhin April 12, 2023 20:42
@stephenmcgruer stephenmcgruer requested review from nickburris and removed request for rsolomakhin April 12, 2023 20:42
@stephenmcgruer
Copy link
Contributor Author

stephenmcgruer commented Apr 12, 2023

cc @ianbjacobs

One note is that Chrome currently throws an AbortError for this - this is likely due to either step 5 or 12.1 of https://w3c.github.io/payment-request/#show-method . The actual SPC spec change (w3c/secure-payment-confirmation#238) would technically throw a NotSupportedError, because of what happens when the 'steps to check a payment can be made' fail: https://w3c.github.io/payment-request/#ref-for-dfn-steps-to-check-if-a-payment-can-be-made-1

@nickburris
Copy link
Member

nickburris commented Apr 12, 2023

One note is that Chrome currently throws an AbortError for this - this is likely due to either step 5 or 12.1 of https://w3c.github.io/payment-request/#show-method . The actual SPC spec change (w3c/secure-payment-confirmation#238) would technically throw a NotSupportedError, because of what happens when the 'steps to check a payment can be made' fail: https://w3c.github.io/payment-request/#ref-for-dfn-steps-to-check-if-a-payment-can-be-made-1

What does a non-SPC PaymentRequest throw? Should this WPT expect a NotSupportedError then, and we update our implementation to throw that?

@stephenmcgruer
Copy link
Contributor Author

stephenmcgruer commented Apr 13, 2023

Codewise, it also throws an AbortError.

Specwise, the two possible places Chrome is choosing to throw an AbortError here (steps 5 or 12.1 of show()) both come before when SPC would have a chance to cause a NotSupportedError to be thrown (during step 17 iirc). So Chrome is perfectly within spec here. This is why we should fix this in Payment Request instead, and maybe we should just do that rather than land the SPC spec PR - thoughts Ian?

I think I'll go check if Safari allows Payment Request in a background tab today. If not maybe we can easily spec something in Payment Request quickly.

@stephenmcgruer stephenmcgruer mentioned this pull request Apr 13, 2023
Merged
3 tasks
@stephenmcgruer
Copy link
Contributor Author

stephenmcgruer commented Apr 13, 2023

I think I'll go check if Safari allows Payment Request in a background tab today. If not maybe we can easily spec something in Payment Request quickly.

Based on my testing, Safari also throws an AbortError if you try to trigger it when the tab is in the background. Reproduction:

  1. Visit https://rsolomakhin.github.io/pr/applepay/ in Safari, and have another tab ready
  2. Click the Apple Pay button (the code will wait 1s before calling Payment Request's show() method), and then very quickly switch to the other tab
  3. Observe an AbortError is thrown

nickburris
nickburris approved these changes Apr 13, 2023
View reviewed changes
Copy link
Member

@nickburris nickburris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for confirming the implementation consistency!

@stephenmcgruer stephenmcgruer merged commit ef35911 into master Apr 13, 2023
@stephenmcgruer stephenmcgruer deleted the smcgruer/spc-disallow-in-background branch April 13, 2023 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nickburris nickburris nickburris approved these changes

Assignees

@nickburris nickburris

Labels

secure-payment-confirmation wg-payments

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@stephenmcgruer @nickburris @rsolomakhin @wpt-pr-bot