-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
To address branded button issues and improve privacy, add browser support for payment method selection before the sheet #777
Comments
I think this proposal makes a lot of sense at a high level, and also has a lot of fun low-level questions. One in particular: showing logos over third-party content in a not-ugly way requires some kind of standard for what background they get shown on, roughly what size/style of icon is present, etc. This seems like a tricky thing for a spec to handle, but I think in practice merchants would be very reluctant to have a bunch of non-matching icons on top of their custom-styled checkout page. |
Hi @asolove-stripe, It seems to me that payment method owners own the branding requirements. If automatic selection based on the payment method manifest does not suffice, we could enhance (and complicate) this approach by enabling the merchant to express a preference for size and color, from among the logos authorized by the payment method owner. So the merchant does not provide the logo (which would raise security issues) but instead expresses a preference (e.g., for a specific icon) that is verified by the browser against the options offered by the payment method owner. Errors could be managed by the browser showing something authorized by the payment method owner. There are other approaches as well, such as the merchant specifying a target height (for example) and letting the browser try to optimize logos for that height. I hear the point and, if there's interest overall, we can get suggestions from the group. Perhaps a tougher point would be ordering of the logos. However, there may be a way to leverage existing data from Payment Request API for that. |
I'm +1 to the group discussing this sort of approach. I recommended some kind of browser-controlled UI components to address this issue and others at TPAC a while back and here as well: If we have success with this idea, it could also make it easier for sites to customize their checkouts to support more things like discount codes without requiring browser code to change. The idea isn't without its challenges, but it could make extensions, customization, and good UX much easier to implement for merchants and their software partners. |
Sorry for the spam, I erroneously pasted a response in the wrong github thread. I do have some thoughts on this that I'll share with the group shortly. |
Shopify would very much be interested in discussing such an approach; branded buttons and payment method branding is something we think Web Payments can potentially solve elegantly. It does comes with some inherently interesting difficulties, mainly UX ones. Some quick thoughts from a merchant perspective:
I'd like to clarify what the underlying need and goal of such a spec would be. Are we trying to:
I would have though that long term, PaymentRequest's value prop of streamlining the checkout process would trump branding requirements upstream, as their available in the payment sheet. I'm excited by this though as I can very well see this spec bridging the gap between currently available payment methods through SDKs and new arrivals present through Payment Request. |
In the spirit of getting the ball rolling, I'll drop some ideas that come off the top of my head. These mostly concentrate on allowing the merchant to decide what's the best way to present buttons, all the while trying to protect the buyer's privacy. Idea 1Could we envision a world where Say: Accompagnied to this, each payment handler can be queried for their button asset say: Idea 2Could we envision a high level abstraction that enables a merchant to build a tuple of branded button and PaymentRequest, without leaking to the merchant what payment method is being presented to the buyer. For example:
A A
In all cases, the merchant would never be able to query any object to determine what is being presented to the buyer. |
@Krystosterone, thanks for sharing these ideas. Of your goals, I like "Help set buyer expectations about their purchase journey?" and "Help adoption of PaymentRequest?" I would reframe "Ensure that payment method branding is well represented upstream?" as "Ensure that PaymentRequest supports the realities of requirements related to payment method branding." I need to think more about your Idea 2. I am hearing the desirable properties:
|
What if we proposed some declarative way of binding a payment request to DOM elements?
Is there a safe way to do this without the user being able to figure out the supported methods? Could the CSS class be applied but not reported? |
I'm not sure to understand the proposal. Also, it seems to put the control of branding logos into the hands of merchants, so if the browser is automatically to display these things "in a browser-owned window," that would seem to create a security problem as we have heard in the past. (However, I'm not sure that is what you intended.) Ian |
Could someone explain what these security reasons are? This seems in conflict with allowing the merchant "some control over the display of information, both due to branding requirements and the merchant's style requirements". The checkout page on the merchant website will never be, or contain, a browser-owned window as this is too easy to spoof. My understanding of the problem we are solving is:
So a declarative solution is, the merchant provides all elements for all payment methods they support and provides hints to the browser about how to arrange those elements using CSS based on which methods the user has. |
@adrianhopebailie wrote: "Could someone explain what these security reasons are?" I have heard that if the merchant can choose an arbitrary image, they could, for example, show a BobPay image but actually code the payment method as evalpay.com via PR API. Therefore, we want to let the browser get the image from the domain of the payment method. |
How would this prevent evilpay from simply using BobPay's logo in their manifest? |
I don't think we can prevent collusion except through browser whitelists. |
Hi all,
cc @adimallikarjunareddy
This post is inspired by:
#774
I would like to start discussion around a proposal for adding browser support for payment method selection before the sheet. Perhaps we can discuss at TPAC in October.
It seems to me that canMakePayment() is serving multiple roles. Perhaps we can tease those apart into at least least two needs:
(1) The merchant wants to know whether to provide a Payment Request API user experience or a traditional Web form.
(2) Having determined PR API is available, the merchant wants to know which payment buttons to show in a manner consistent with brand-specific requirements.
Perhaps we can find away to limit canMakePayment() usage to just the first one. This would reduce the number of calls, improving privacy and perhaps avoiding rate limiting issues.
To address the second need, I propose that the browser offer a new user experience.
The browser knows the intersection of the payment methods accepted by the merchant and those for which the user has payment handlers. Today the browser shows that intersection in the sheet.
What we are hearing is that we need something before the sheet as well.
Therefore, I propose the following (at a high level):
the DOM).
Some advantages to this approach occur to me:
So:
in a manner that is convenient and secure? How would it work on mobile?
I look forward to your comments.
Ian
The text was updated successfully, but these errors were encountered: