The “canmakepayment” service worker event lets the merchant know whether the user has a card on file in an installed payment app. It silently passes the merchant's origin and arbitrary data to a service worker from payment app origin. This cross-origin communication happens on PaymentRequest construction in JavaScript, does not require a user gesture, and does not show any user interface.

Motivation

To improve user privacy, remove the merchant origin and arbitrary data from the "canmakepayment" service worker event: - topOrigin - paymentRequestOrigin - methodData - modifiers

Specification

Specification link


Unknown standards status - check spec link for status

Status in Chromium

Blink>Payments


No active development

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signals

Owner

Comments

The spec as of 04 October 2021 draft still contains the fields to be removed: topOrigin, paymentRequestOrigin, methodData, and modifiers.

Last updated on 2022-05-05