Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add AbortPaymentEvent. #207

Closed
wants to merge 2 commits into from
Closed

Conversation

rsolomakhin
Copy link
Collaborator

@rsolomakhin rsolomakhin commented Aug 28, 2017

@rsolomakhin rsolomakhin requested a review from ianbjacobs August 28, 2017 19:57
@rsolomakhin
Copy link
Collaborator Author

Pease don't merge until I've reported on implementation experience.

MXEBot pushed a commit to mirror/chromium that referenced this pull request Aug 30, 2017
Spec change:
w3c/payment-handler#207

Bug: 736745
Change-Id: Ifb78aa332080044180e2e836ac0709ba3f727567
Reviewed-on: https://chromium-review.googlesource.com/636504
Reviewed-by: Rouslan Solomakhin <[email protected]>
Commit-Queue: Ganggui Tang <[email protected]>
Cr-Commit-Position: refs/heads/master@{#498114}
@marcoscaceres
Copy link
Member

Made a "do not merge" label... to celebrate :)

@romandev
Copy link
Member

If CanMakePayment event is risky, AbortPayment event might also be risky?
Because it can be triggered from merchant's abort() call without user interaction.
The event doesn't take any information but it's not important.
Might take some informations such as urls by using clients.matchAll with includeUncontrolled option.

@rsolomakhin
Copy link
Collaborator Author

The user agent fires the AbortPayment event only in the currently invoked payment app. From user perspective, that's after the user has selected a payment app and clicked [PAY], while the user is waiting for the payment app to complete. From implementation perspective, that's after PaymentRequest event has been fired, but before PaymentRequest.updateWith() promise has been resolved. At this point, the user has given explicit consent for the merchant website's information to be passed into the payment app to facilitate the payment. Hence, the risk of AbortPayment event is low.

Copy link
Member

@marcoscaceres marcoscaceres left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a good start. I think we can get Payment Request to do some of the work tho.

</pre>
</pre>
<p>
The <a>paymentManager</a> attribute exposes payment handler
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be a dfn?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a for paymentManager eight lines above. I'm not super familiar with spec format, but shouldn't there be a single tag per term in a spec?

<h2>
Aborting an invocation
</h2>
<p>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This paragraph is redundant. This should be in an algorithm somewhere (probably is, just haven't gotten to it).

the <a>user agent</a> fires <a>AbortPaymentEvent</a> in the <a>payment
handler</a> that is currently handling <a>PaymentRequestEvent</a>.
There is no expectation that the <a>payment handler</a> would roll back
a transaction or issue a refund. (This is out of scope.) The <a>payment
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note, this whole talk of "refunds" and other "money talk" is not ideal. We should only talk about how we manipulate things in the API - but not go into this kind of detail. We can describe "here is how you do a refund" in tutorial material.

<p>
Implementations may impose a timeout for developers to respond to the
<a>AbortPaymentEvent</a>. If the timeout expires, then the
implementation will behave as if <a data-lt=
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: there is no need to use data-lt :) Just add data-link-for="AbortPaymentEvent" in a parent element (either the paragraph or the parent <section>).

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a neat trick, thank you!

<dfn>onabortpayment</dfn> attribute
</h2>
<p>
The <a>onabortpayment</a> attribute is an <a>event handler</a>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: <a>event handler</a> should be <a>event handler attribute</a> and linked to HTML correctly.

<a>PaymentRequestEvent</a> that is being processed.
</li>
<li>If <var>registration</var> is not found, reject the
<a>Promise</a> that was created by <a data-cite=
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, I don't think we can do this... we need to hook back into Payment Request here - but we can't reach across threads and reject the promise?

</li>
<li>Invoke the <a>handle functional event</a> algorithm with a
<a>ServiceWorkerRegistration</a> of <var>registration</var> and <var>
callbackSteps</var> set to the following steps:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we want some kinda of task here? This looks like a task.

<li>Invoke the <a>handle functional event</a> algorithm with a
<a>ServiceWorkerRegistration</a> of <var>registration</var> and <var>
callbackSteps</var> set to the following steps:
<ol>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, we shouldn't need to do any of this... Payment Request should do this for us. We just need to tell Payment Request that we have aborted, and it should do all this, no?

</li>
<li>Dispatch <var>e</var> to <var>global</var>.
</li>
<li>Wait for all of the promises in the <a>extend lifetime
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feels out of place to me. Shouldn't we get this for free from .waitUntil() without needing to say anything? Hopefully this whole task can go away.

response, reject the <a>Promise</a> that was created by
<a data-cite=
"!payment-request#abort-method">PaymentRequest.abort()</a> with a
<a>DOMException</a> whose value "<a>OperationError</a>".
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can remove this whole thing. Payment Request doesn't know anything about "OperationError"s and WebIDL will just coerce anything you send into .respondeWith() into a boolean.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...anyway, I'm kinda sure this whole thing needs to go away. Fingers crossed!

@rsolomakhin
Copy link
Collaborator Author

Let me close this pull request and submit a new one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants