started work at https://codereview.chromium.org/2394473002/

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb

commit 310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb
Author: sanjoy.pal <sanjoy.pal@samsung.com>
Date: Thu Oct 20 17:15:21 2016

iframes with allowpaymentrequest attribute are allowed to make payment requests.

Specification: https://w3c.github.io/browser-payment-api/

There are some circumstances where a cross-origin iframe
wants to make a payment request. A cross-origin iframe
needs explicit permission from the embedding page to invoke
the payment request API.

BUG= 652148 

Review-Url: https://chromiumcodereview.appspot.com/2394473002
Cr-Commit-Position: refs/heads/master@{#426513}

[add] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/LayoutTests/payments/payment-request-in-iframe-allowed.html
[add] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/LayoutTests/payments/payment-request-in-iframe-nested-allowed.html
[add] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/LayoutTests/payments/payment-request-in-iframe-nested-not-allowed.html
[add] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/LayoutTests/payments/resources/payment-request-in-iframe-nested-expect-failure.html
[add] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/LayoutTests/payments/resources/payment-request-in-iframe-nested-expect-success.html
[modify] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/LayoutTests/webexposed/element-instance-property-listing-expected.txt
[modify] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/LayoutTests/webexposed/global-interface-listing-expected.txt
[modify] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/Source/core/core_idl_files.gni
[modify] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/Source/core/html/HTMLAttributeNames.in
[modify] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
[modify] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/Source/core/html/HTMLIFrameElement.h
[modify] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/Source/modules/modules_idl_files.gni
[modify] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/Source/modules/payments/BUILD.gn
[add] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/Source/modules/payments/HTMLIFrameElementPayments.cpp
[add] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/Source/modules/payments/HTMLIFrameElementPayments.h
[add] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/Source/modules/payments/HTMLIFrameElementPayments.idl
[modify] https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp

Note that this new API is set to ship in Chrome 55.
There's some debate about the shape of this API in https://github.com/w3c/browser-payment-api/issues/311

Unfortunately this API was a surprise to a number of people because there wasn't an "intent to ship" discussion on blink-dev, due largely to issue 666495 (which I will get fixed soon).

Intent to implement and ship: https://groups.google.com/a/chromium.org/d/msg/blink-dev/vM3RM1OQNFU/ao3wqCM6AgAJ

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d2c4379ec3783f7f70b14f6fda92f13cd496bf66

commit d2c4379ec3783f7f70b14f6fda92f13cd496bf66
Author: rouslan <rouslan@chromium.org>
Date: Wed Nov 23 21:46:04 2016

Mark IFrame support in PaymentRequest experimental

IFrame support in PaymentRequest may be better served through
FeaturePolicy. This patch marks the current IFrame support
experimental, so it's disabled by default, but developers still can
experiment with it. Once the FeaturePolicy question is resolved, the
current implementation of the IFrame support will be either shipped or
replaced by FeaturePolicy.

BUG= 652148 

Review-Url: https://codereview.chromium.org/2525813003
Cr-Commit-Position: refs/heads/master@{#434257}

[modify] https://crrev.com/d2c4379ec3783f7f70b14f6fda92f13cd496bf66/third_party/WebKit/Source/modules/payments/HTMLIFrameElementPayments.cpp
[modify] https://crrev.com/d2c4379ec3783f7f70b14f6fda92f13cd496bf66/third_party/WebKit/Source/modules/payments/HTMLIFrameElementPayments.idl
[modify] https://crrev.com/d2c4379ec3783f7f70b14f6fda92f13cd496bf66/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp
[modify] https://crrev.com/d2c4379ec3783f7f70b14f6fda92f13cd496bf66/third_party/WebKit/Source/platform/RuntimeEnabledFeatures.in

Would like to merge https://crrev.com/d2c4379ec3783f7f70b14f6fda92f13cd496bf66 ("Mark IFrame support in PaymentRequest experimental") into M-55 and M-56. That patch effectively disables the feature.

[Automated comment] Less than 2 weeks to go before stable on M55, manual review required.

Your change meets the bar and is auto-approved for M56 (branch: 2924)

[Automated comment] Less than 2 weeks to go before stable on M55, manual review required.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b0db3df9ef642ede2732fe6b4f357a3b7960deff

commit b0db3df9ef642ede2732fe6b4f357a3b7960deff
Author: Rouslan Solomakhin <rouslan@chromium.org>
Date: Mon Nov 28 15:03:59 2016

[Merge M-56] Mark IFrame support in PaymentRequest experimental

IFrame support in PaymentRequest may be better served through
FeaturePolicy. This patch marks the current IFrame support
experimental, so it's disabled by default, but developers still can
experiment with it. Once the FeaturePolicy question is resolved, the
current implementation of the IFrame support will be either shipped or
replaced by FeaturePolicy.

BUG= 652148 

Review-Url: https://codereview.chromium.org/2525813003
Cr-Commit-Position: refs/heads/master@{#434257}
(cherry picked from commit d2c4379ec3783f7f70b14f6fda92f13cd496bf66)

Review URL: https://codereview.chromium.org/2529423002 .

Cr-Commit-Position: refs/branch-heads/2924@{#112}
Cr-Branched-From: 3a87aecc31cd1ffe751dd72c04e5a96a1fc8108a-refs/heads/master@{#433059}

[modify] https://crrev.com/b0db3df9ef642ede2732fe6b4f357a3b7960deff/third_party/WebKit/Source/modules/payments/HTMLIFrameElementPayments.cpp
[modify] https://crrev.com/b0db3df9ef642ede2732fe6b4f357a3b7960deff/third_party/WebKit/Source/modules/payments/HTMLIFrameElementPayments.idl
[modify] https://crrev.com/b0db3df9ef642ede2732fe6b4f357a3b7960deff/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp
[modify] https://crrev.com/b0db3df9ef642ede2732fe6b4f357a3b7960deff/third_party/WebKit/Source/platform/RuntimeEnabledFeatures.in

Merge approved for M55 branch 2883.

https://crrev.com/310d33fb9aa25f2bcf58b4c64e4e0c1fbcc73bdb ("iframes with allowpaymentrequest attribute are allowed to make payment requests") is not actually in M-55. No need to disable it in M-55. Sorry to have bothered you.

M-55 branch base position: 423768
Patch commit position: 426513

Zach, how do get the Security and UI flags flipped here? As I recall, you and I met with security-enamel team and concluded that UI should show the origin, title, and icon of the top-level context. This is how the feature is implemented today.

Are there any live screenshots of the feature as implemented today? Or, a demo I can try?

Demo is at https://rsolomakhin.github.io/pr/iframe/, which has two iframes---one with "allowpaymentrequest" attribute, the other one without.

Both iframes load a page from https://secure-google-com-not-malicious-testing.github.io/.

You need Chrome 56 (Dev) on Android with chrome://flags/#enable-experimental-web-platform-features enabled for the demo to work.

The screenshot shows that PaymentRequest UI is using the top-level origin (rsolomakhin.github.io), favicon, and title (IFrame Test) instead of the embedded iframe's information.

Deleted: Screenshot_20161213-180246.png 173 KB

	Screenshot_20161213-180246.png 173 KB View Download

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/60fc664d00a1b25f327e5b382d4beb473f5eddc4

commit 60fc664d00a1b25f327e5b382d4beb473f5eddc4
Author: rouslan <rouslan@chromium.org>
Date: Fri Dec 23 00:49:38 2016

Enable iframe support for web payments by default.

Intent to implement and ship:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/vM3RM1OQNFU/ao3wqCM6AgAJ

BUG= 652148 

Review-Url: https://codereview.chromium.org/2597193003
Cr-Commit-Position: refs/heads/master@{#440565}

[modify] https://crrev.com/60fc664d00a1b25f327e5b382d4beb473f5eddc4/third_party/WebKit/Source/modules/payments/HTMLIFrameElementPayments.cpp
[modify] https://crrev.com/60fc664d00a1b25f327e5b382d4beb473f5eddc4/third_party/WebKit/Source/modules/payments/HTMLIFrameElementPayments.idl
[modify] https://crrev.com/60fc664d00a1b25f327e5b382d4beb473f5eddc4/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp
[modify] https://crrev.com/60fc664d00a1b25f327e5b382d4beb473f5eddc4/third_party/WebKit/Source/platform/RuntimeEnabledFeatures.in

Regarding the M-57 launch timeframe: blink-dev@ decided to launch allowpaymentrequest in its current state, but more non-breaking improvements are coming in M-58. Therefore, keeping this issue open for now.

This issue has been automatically relabelled type=task because type=launch-owp issues are now officially deprecated. The deprecation is because they were creating confusion about how to get launch approvals, which should be instead done via type=launch issues.

We recommend this issue be used for implementation tracking (for public visibility), but if you already have an issue for that, you may mark this as duplicate.

For more details see here: https://docs.google.com/document/d/1JA6RohjtZQc26bTrGoIE_bSXGXUDQz8vc6G0n_sZJ2o/edit

For any questions, please contact owencm, sshruthi, larforge