632632 Promise<undefined> abort();
633633 [NewObject]
634634 Promise<boolean> canMakePayment();
635- [NewObject]
636- Promise<boolean> hasEnrolledInstrument();
637635
638636 readonly attribute DOMString id;
639637 readonly attribute PaymentAddress? shippingAddress;
@@ -1367,7 +1365,7 @@ <h2>
13671365 < h2 >
13681366 < dfn > canMakePayment()</ dfn > method
13691367 </ h2 >
1370- < div class ="note " title ="canMakePayment() vs hasEnrolledInstrument() ">
1368+ < div class ="note " title ="canMakePayment() ">
13711369 < p >
13721370 The {{PaymentRequest/canMakePayment()}} method can be used by the
13731371 developer to determine if the < a > user agent</ a > has support for one
@@ -1377,30 +1375,11 @@ <h2>
13771375 < p >
13781376 A true result from {{PaymentRequest/canMakePayment()}} does not
13791377 imply that the user has a provisioned instrument ready for payment.
1380- For that, use {{PaymentRequest/hasEnrolledInstrument()}} instead.
13811378 </ p >
13821379 </ div >
13831380 < p data-tests ="payment-request-canmakepayment-method.https.html ">
13841381 The {{PaymentRequest/canMakePayment()}} method MUST run the < a > can
1385- make payment algorithm</ a > with |checkForInstruments| set to false.
1386- </ p >
1387- </ section >
1388- < section data-dfn-for ="PaymentRequest ">
1389- < h2 >
1390- < dfn > hasEnrolledInstrument()</ dfn > method
1391- </ h2 >
1392- < p class ="note ">
1393- The {{PaymentRequest/hasEnrolledInstrument()}} method can be used by
1394- the developer to determine if the < a > user agent</ a > has support for
1395- one of the desired < a > payment methods</ a > and if a < a > payment
1396- handler</ a > has an instrument ready for payment. See
1397- [[[#canmakepayment-protections]]].
1398- </ p >
1399- < p data-tests =
1400- "payment-request-hasenrolledinstrument-method.https.html ">
1401- The {{PaymentRequest/hasEnrolledInstrument()}} method MUST run the
1402- < a > can make payment algorithm</ a > with |checkForInstruments| set to
1403- true.
1382+ make payment algorithm</ a > .
14041383 </ p >
14051384 </ section >
14061385 < section data-dfn-for ="PaymentRequest ">
@@ -3945,10 +3924,7 @@ <h2>
39453924 < p >
39463925 The < dfn > can make payment algorithm</ dfn > checks if the < a > user
39473926 agent</ a > supports making payment with the < a > payment methods</ a >
3948- with which the {{PaymentRequest}} was constructed. It takes a boolean
3949- argument, |checkForInstruments|, that specifies whether the algorithm
3950- checks for existence of enrolled instruments in addition to
3951- supporting a < a > payment method</ a > .
3927+ with which the {{PaymentRequest}} was constructed.
39523928 </ p >
39533929 < ol class ="algorithm ">
39543930 < li > Let |request:PaymentRequest| be the {{PaymentRequest}} object on
@@ -3958,11 +3934,9 @@ <h2>
39583934 "[=state/created=]", then return < a > a promise rejected with</ a > an
39593935 {{"InvalidStateError"}} {{DOMException}}.
39603936 </ li >
3961- < li data-tests =
3962- "payment-request-hasenrolledinstrument-method-protection.https.html, payment-request-canmakepayment-method-protection.https.html ">
3963- Optionally, at the < a > top-level browsing context</ a > 's discretion,
3964- return < a > a promise rejected with</ a > a {{"NotAllowedError"}}
3965- {{DOMException}}.
3937+ < li data-tests =""> Optionally, at the < a > top-level browsing
3938+ context</ a > 's discretion, return < a > a promise rejected with</ a > a
3939+ {{"NotAllowedError"}} {{DOMException}}.
39663940 < p class ="note ">
39673941 This allows user agents to apply heuristics to detect and prevent
39683942 abuse of the calling method for fingerprinting purposes, such as
@@ -3985,39 +3959,9 @@ <h2>
39853959 < li > Let |identifier| be the first element in the |paymentMethod|
39863960 tuple.
39873961 </ li >
3988- < li > If |checkForInstruments| is false, and the user agent has a
3989- < a > payment handler</ a > that supports handling payment requests
3990- for |identifier|, resolve |hasHandlerPromise| with true and
3991- terminate this algorithm.
3992- </ li >
3993- < li > If |checkForInstruments| is true:
3994- < ol >
3995- < li > Let |data| be the result of < a data-cite =
3996- "ECMASCRIPT#sec-json.parse "> JSON-parsing</ a > the second
3997- element in the |paymentMethod| tuple.
3998- </ li >
3999- < li > If required by the specification that defines the
4000- |identifier|, then [=converted to an IDL value|convert=]
4001- |data| to an IDL value. Otherwise, [=converted to an IDL
4002- value|convert=] to {{object}}.
4003- </ li >
4004- < li > Let |handlers| be a < a > list</ a > of registered < a > payment
4005- handlers</ a > that are authorized and can handle payment
4006- request for |identifier|.
4007- </ li >
4008- < li > For each |handler| in |handlers|:
4009- < ol >
4010- < li > Let |hasEnrolledInstrument| be the result of running
4011- |handler|'s < a > steps to check if a payment can be
4012- made</ a > with |data|.
4013- </ li >
4014- < li > If |hasEnrolledInstrument| is true, resolve
4015- |hasHandlerPromise| with true and terminate this
4016- algorithm.
4017- </ li >
4018- </ ol >
4019- </ li >
4020- </ ol >
3962+ < li > If the user agent has a < a > payment handler</ a > that supports
3963+ handling payment requests for |identifier|, resolve
3964+ |hasHandlerPromise| with true and terminate this algorithm.
40213965 </ li >
40223966 </ ol >
40233967 </ li >
@@ -4963,19 +4907,14 @@ <h2 id="canmakepayment-protections">
49634907 < code > canMakePayment()</ code > protections
49644908 </ h2 >
49654909 < p >
4966- The {{PaymentRequest/canMakePayment()}} and
4967- {{PaymentRequest/hasEnrolledInstrument()}} methods have the potential
4968- to expose user information that could be abused for fingerprinting
4969- purposes. User agents are expected to protect the user from abuse of
4970- the method. For example, user agents can reduce user fingerprinting
4971- by:
4910+ The {{PaymentRequest/canMakePayment()}} method provides feature
4911+ detection for different payment methods. It may become a
4912+ fingerprinting vector if in the future, a large number of payment
4913+ methods are available. purposes. User agents are expected to protect
4914+ the user from abuse of the method. For example, user agents can
4915+ reduce user fingerprinting by:
49724916 </ p >
49734917 < ul >
4974- < li > Allowing the user to configure the user agent to turn off
4975- {{PaymentRequest/canMakePayment()}} and
4976- {{PaymentRequest/hasEnrolledInstrument()}}, which would return < a > a
4977- promise rejected with</ a > a {{"NotAllowedError"}} {{DOMException}}.
4978- </ li >
49794918 < li > Rate-limiting the frequency of calls with different parameters.
49804919 </ li >
49814920 </ ul >
0 commit comments