Google Git
Sign in
chromium / chromium / src.git / 115f723900c543655bd4b9993d022be8f7bb54ee
commit115f723900c543655bd4b9993d022be8f7bb54ee[log] [tgz]
authorRouslan Solomakhin <rouslan@chromium.org>Tue Aug 01 15:24:38 2017
committerCommit Bot <commit-bot@chromium.org>Tue Aug 01 15:24:38 2017
treee7767cb4c1d354d253be29faa978fe5e7326dd05
parent3f8482bae3536d32d2f3fcc13ee535b6d277e56b [diff]
[Payments] canMakePayment() rate limit to iframe + top level origin.

Before this patch, if a payment service provider https://checkout.com
was being used in iframes for both https://momsshop.com and
https://popsshop.com, but with different sets of supported payment
methods, then canMakePayment() would be rejected with "NotAllowedError"
due to the rate limit on the iframe origin.

This patch changes the rate limiting to be based on the concatenation of
both iframe and top level origins instead of only iframe origin.

After this patch, if a payment service provider https://checkout.com is
being used in iframes for both https://momsshop.com and
https://bobsshop.com with different sets of supported payment methods,
then canMakePayment() will resolve with "true" or "false" according to
the user state instead of rejecting with "NotAllowedError".

This patch changes behavior for desktop and Android only, because iOS
implementation of PaymentRequest does not support iframes.

Bug: 742589
Change-Id: I08e15c325fc6027e82be7fddc047312235c82f51
Reviewed-on: https://chromium-review.googlesource.com/591747
Reviewed-by: Mathieu Perreault <mathp@chromium.org>
Reviewed-by: mahmadi <mahmadi@chromium.org>
Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#490998}
6 files changed
tree: e7767cb4c1d354d253be29faa978fe5e7326dd05
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. blink/
  6. breakpad/
  7. build/
  8. build_overrides/
  9. cc/
  10. chrome/
  11. chrome_elf/
  12. chromecast/
  13. chromeos/
  14. cloud_print/
  15. components/
  16. content/
  17. courgette/
  18. crypto/
  19. dbus/
  20. device/
  21. docs/
  22. extensions/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. jingle/
  32. mash/
  33. media/
  34. mojo/
  35. native_client_sdk/
  36. net/
  37. pdf/
  38. ppapi/
  39. printing/
  40. remoting/
  41. rlz/
  42. sandbox/
  43. sdch/
  44. services/
  45. skia/
  46. sql/
  47. storage/
  48. styleguide/
  49. testing/
  50. third_party/
  51. tools/
  52. ui/
  53. url/
  54. .clang-format
  55. .eslintrc.js
  56. .git-blame-ignore-revs
  57. .gitattributes
  58. .gitignore
  59. .gn
  60. AUTHORS
  61. BUILD.gn
  62. CODE_OF_CONDUCT.md
  63. codereview.settings
  64. DEPS
  65. ENG_REVIEW_OWNERS
  66. LICENSE
  67. LICENSE.chromium_os
  68. OWNERS
  69. PRESUBMIT.py
  70. PRESUBMIT_test.py
  71. PRESUBMIT_test_mocks.py
  72. README.md
  73. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .