Reject PaymentRequest.show with SecurityError DOMException if it is not triggered by user activation

Allowing PaymentRequest.show() to be triggered without a user activation could be abused by malicious websites. To protect users, the spec has been changed to require user activation.

Specification

Established standard

Status in Chromium

Blink>Payments


In development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Owner

Last updated on 2019-05-21