Confirmed users
933
edits
Firefox/Features/Web Payments/Privacy & Security Considerations: Difference between revisions
Firefox/Features/Web Payments/Privacy & Security Considerations (view source)
Revision as of 00:54, 10 November 2017
, 10 November 2017add more
(Based on autofill) |
(add more) |
||
| Line 1: | Line 1: | ||
Some things to keep in mind while working on Payment Request relating to privacy/security: | Some things to keep in mind while working on Payment Request relating to privacy/security: | ||
* navigations away from a page showing a Payment Request dialog should either be prevented or the dialog should abort. | |||
* attacks where the user is tricked into interacting with the Payment Request dialog (e.g. clickjacking) | * attacks where the user is tricked into interacting with the Payment Request dialog (e.g. clickjacking) | ||
** The pay button should probably have a security delay | |||
* security state of the page e.g. HTTPS vs. HTTP, invalid certificate, etc. | * security state of the page e.g. HTTPS vs. HTTP, invalid certificate, etc. | ||
** Only allowed on secure contexts. Should we disable for cert overrides? What about for developers? | ** Only allowed on secure contexts. Should we disable for cert overrides? What about for developers? | ||