Reject PaymentRequest.show with SecurityError DOMException if it is not triggered by user activation
Allowing PaymentRequest.show() to be triggered without a user activation could be abused by malicious websites. To protect users, the spec has been changed to require user activation.
Status in Chromium
In development (tracking bug)
Consensus & Standardization
Last updated on 2019-05-21