
Issue 665949

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Feature

Blocking:
issue 661608


Participants' hotlists:
Payment-Handler



PaymentApp: Should implement requesting a permission for users to allow the payment app to be registered.

Project Member Reported by jinho.b...@samsung.com, Nov 16 2016

Issue description

Ask the user whether they allow the payment app to be registered to handle the indicated payment methods (unless a prearranged trust relationship applies or the user has already granted or denied permission explicitly for this payment app).

https://w3c.github.io/webpayments-payment-apps-api/#set-manifest number 9, 10
 
Please share your design doc before starting to implement.

Comment 2 by zino@chromium.org, May 25 2017

Cc: ma...@chromium.org rouslan@chromium.org gogerald@chromium.org zkoch@chromium.org
Status: Started (was: Assigned)
Blocking: 661608
Do you have screenshots of how https://codereview.chromium.org/2946013002/ works?
Sure. I'll upload a screenshot for desktop first.
(I'll also upload a mobile screenshot from my phone!)
request_permission_desktop.png (100 KB)
Screenshot_20170622-083817.png (82.4 KB)

Comment 7 by zkoch@chromium.org, Jun 22 2017

Cc: srahim@chromium.org
Hm, we definitely need to get strings reviewed here. I'm not sure this string is clear to users about what's happening.

+Shimi, any thoughts on how we could make this clearer? The idea is that when a user visits a site that can handle payments (e.g. paypal.com), that site can request that they be added as a payment handler for payment request.
Cc: emilyschechter@chromium.org raymes@chromium.org
FYI for screenshots.

Comment 9 by raymes@chromium.org, Jun 22 2017

Cc: benwells@chromium.org kcaratt...@chromium.org
I'm wondering whether there is a better alternative than using a permission prompt here since we know prompts have so many problems. It would be good to meet and chat about this a bit more in person to understand the background and constraints :) 
Any update on this bug? I can follow it if it needs internal resources.
I've already done it in https://codereview.chromium.org/2946013002/.
Also, I'll move the CL to gerrit. (with rebase)
Has the string been decided?
I re-uploaded a patch in gerrit:
https://chromium-review.googlesource.com/533193
It sounded like raymes@ had some concerns about using a permission prompt here, did you ever get the chance to sync with any of the permission folks about this?
I believe zkoch@ is working on a proposal to address this bug. Let's table it until he gets back to us.
rouslan@ and others, is there a problem other than the string? raymes@'s comment sounds like it is not perfect from a security perspective. Could you explain to me what the risks are?
The payment handler is based on a service worker extension feature, like
push notifications or background sync.

Once payment handlers are registered, their list can be shown in the Payment
Request UI initiated from a merchant site.
Also, users can select one from the list, and then the "paymentrequest" event
will be triggered in the associated service worker.

Although the event is triggered by user interaction on the PaymentRequest UI,
the permission prompt is still needed for the following reasons.
 - If we were able to install payment handlers implicitly, phishing payment
   handlers might increase. For example, a phishing payment handler that looks
   like PayPal can be shown on the PaymentRequest UI. Users have to check the
   origin and then select the safe payment handler, but that's not easy if the
   look-and-feel is the same.
 - The SW event might be triggered without user interaction, like
   push-notification. (e.g. canMakePayment(), abort())
Cc: jinho.b...@samsung.com
Owner: zkoch@chromium.org
Status: Assigned (was: Started)
Although the string has its own problems, I believe Zach's proposal will remove the permission dialog entirely. Let's wait for him to get back to us.
Uploaded screenshots of content settings for desktop UI.
https://chromium-review.googlesource.com/c/chromium/src/+/934741
setting_1.png (140 KB)
setting_2.png (99 KB)
setting_3.png (106 KB)
That looks excellent, Jinho!
Cc: est...@chromium.org
+srahim to give input on strings.
Also +estark as FYI
Cc: -gogerald@chromium.org -raymes@chromium.org rfeng@chromium.org durgapandey@chromium.org
+Durga and Rui for the strings and UX as well.
Project Member

Comment 22 by bugdroid1@chromium.org, Feb 27 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/22de3a912e038237d792e1a559af8ade475f7a80

commit 22de3a912e038237d792e1a559af8ade475f7a80
Author: Jinho Bang <jinho.bang@samsung.com>
Date: Tue Feb 27 18:16:22 2018

PaymentHandler: Implement permission prompt when calling instruments.set

This patch is an initial implementation of the following spec change:
  - https://github.com/w3c/payment-handler/issues/246
  - https://chromium-review.googlesource.com/c/chromium/src/+/533193

This feature is still behind runtime flag.

Bug: 665949
Change-Id: Ied225b89c7aed3a39955e49e9af2e4e3866a92c2
Reviewed-on: https://chromium-review.googlesource.com/914661
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Raymes Khoury <raymes@chromium.org>
Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Jinho Bang <jinho.bang@samsung.com>
Cr-Commit-Position: refs/heads/master@{#539499}
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/android_webview/browser/aw_permission_manager.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/BUILD.gn
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/payments/OWNERS
[add] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/payments/payment_handler_permission_context.cc
[add] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/payments/payment_handler_permission_context.h
[add] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/payments/payment_handler_permission_context_unittest.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/payments/service_worker_payment_app_factory_browsertest.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/permissions/permission_manager.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/permissions/permission_request.h
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/permissions/permission_request_impl.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/permissions/permission_uma_util.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/permissions/permission_util.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/ui/views/payments/payment_request_payment_app_browsertest.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/browser/ui/webui/site_settings_helper.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/chrome/test/BUILD.gn
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/components/content_settings/core/browser/content_settings_registry.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/components/content_settings/core/common/content_settings.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/components/content_settings/core/common/content_settings_types.h
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/content/browser/permissions/permission_service_impl.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/content/public/browser/permission_type.h
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/content/shell/browser/layout_test/layout_test_message_filter.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/content/shell/browser/shell_permission_manager.cc
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/third_party/WebKit/LayoutTests/http/tests/payments/payment-instruments.html
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/third_party/WebKit/LayoutTests/http/tests/resources/permissions-helper.js
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/third_party/WebKit/Source/modules/payments/PaymentInstruments.cpp
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/third_party/WebKit/Source/modules/payments/PaymentInstruments.h
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/third_party/WebKit/Source/modules/permissions/PermissionDescriptor.idl
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/third_party/WebKit/Source/modules/permissions/Permissions.cpp
[modify] https://crrev.com/22de3a912e038237d792e1a559af8ade475f7a80/third_party/WebKit/public/platform/modules/permissions/permission.mojom

Uploaded new screenshots for content settings page.
Do the strings change when you uncheck the "Allow sites to install payment handlers (recommended)" checkbox?
Yep, I uploaded additional screenshot when the checkbox is unchecked.
Looks great! Thank you.
Project Member

Comment 28 by bugdroid1@chromium.org, Mar 8 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/413478245d30faa6ff1ab76222c4f111df9635e2

commit 413478245d30faa6ff1ab76222c4f111df9635e2
Author: Jinho Bang <jinho.bang@samsung.com>
Date: Thu Mar 08 18:23:31 2018

PaymentHandler: Add a permission check to GetAllPaymentApps()

When PaymentRequest API is initiated from merchant site,
GetAllPaymentApps() will be called to query all installed payment
handler on the browser. At this point, we should check a permission
whether each payment handler is allowed or blocked. If the permission is
BLOCK, the payment handler is not supported in payment request
perspective.

Bug: 665949
Change-Id: I720ffcaab8068506bb165c0353b6cd658973937e
Reviewed-on: https://chromium-review.googlesource.com/948122
Commit-Queue: Jinho Bang <jinho.bang@samsung.com>
Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#541841}
[modify] https://crrev.com/413478245d30faa6ff1ab76222c4f111df9635e2/chrome/browser/ui/views/payments/payment_request_payment_app_browsertest.cc
[modify] https://crrev.com/413478245d30faa6ff1ab76222c4f111df9635e2/content/browser/payments/payment_app_provider_impl.cc
[modify] https://crrev.com/413478245d30faa6ff1ab76222c4f111df9635e2/content/browser/payments/payment_app_provider_impl_unittest.cc
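
The two checks tracked in this issue (a prompt when a payment app registers, then the per-handler permission check described in the commit message above), shown as an added C++ model that is not Chromium's code. `HandlerRegistry`, `SetInstrument`, `Setting` and `Prompt` are hypothetical names, the origins are constructed, and hiding handlers whose setting is anything other than allow (not only BLOCK) is a fail-closed assumption.

```cpp
#include <functional>
#include <iostream>
#include <map>
#include <string>
#include <vector>
// Constructed model: every name here is hypothetical, not Chromium's code.
enum class Setting { kAsk, kAllow, kBlock };
struct PaymentApp {
  std::string origin;  // origin of the service worker; the permission key
  std::string name;    // label chosen by the site, never used for trust
};
using Prompt = std::function<bool(const std::string& origin)>;

class HandlerRegistry {
 public:
  Setting Get(const std::string& origin) const {
    auto it = settings_.find(origin);
    return it == settings_.end() ? Setting::kAsk : it->second;
  }
  void Set(const std::string& origin, Setting s) { settings_[origin] = s; }

  // Registration path: prompt only when there is no explicit decision yet.
  bool SetInstrument(const PaymentApp& app, const Prompt& ask_user) {
    if (Get(app.origin) == Setting::kAsk)
      Set(app.origin, ask_user(app.origin) ? Setting::kAllow : Setting::kBlock);
    if (Get(app.origin) != Setting::kAllow) return false;
    apps_[app.origin] = app;
    return true;
  }

  // Query path: re-check at lookup time, because the setting can change
  // after registration. Anything not kAllow is hidden (fail-closed assumption).
  std::vector<PaymentApp> GetAllPaymentApps() const {
    std::vector<PaymentApp> out;
    for (const auto& entry : apps_)
      if (Get(entry.first) == Setting::kAllow) out.push_back(entry.second);
    return out;
  }

 private:
  std::map<std::string, Setting> settings_;
  std::map<std::string, PaymentApp> apps_;
};

int main() {
  HandlerRegistry r;
  r.SetInstrument({"https://pay.example", "Pay"}, [](const std::string&) { return true; });
  r.Set("https://pay.example", Setting::kBlock);  // blocked later in settings
  std::cout << r.GetAllPaymentApps().size() << "\n";
}
```

Keying the decision on the origin rather than the display name is what keeps a look-alike handler from inheriting another site's grant.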

Uploaded screenshots for site setting UI on Android
Screenshot_20180310-015525.png (90.8 KB)
Screenshot_20180310-015603.png (46.1 KB)
Screenshot_20180310-015632.png (62.1 KB)
Perfect! Ship it! :-)
Project Member

Comment 31 by bugdroid1@chromium.org, Mar 19 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6c696f2cd3a52fc22bcd389930f1edccfb29da8d

commit 6c696f2cd3a52fc22bcd389930f1edccfb29da8d
Author: Jinho Bang <jinho.bang@samsung.com>
Date: Mon Mar 19 19:12:23 2018

PaymentHandler: Implement Content Settings UI for desktop

This adds the content setting page for the new PaymentHandler API and
the UI plumbing. The page is chrome://settings/content/paymentHandler.
This is behind the kServiceWorkerPaymentApps feature flag.

Bug: 665949
Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation
Change-Id: Ie388940363c7efda57e66ba16dbf6edcf0f5a31c
Reviewed-on: https://chromium-review.googlesource.com/934741
Commit-Queue: Jinho Bang <jinho.bang@samsung.com>
Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#544102}
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/app/settings_strings.grdp
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/browser/resources/settings/icons.html
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/browser/resources/settings/privacy_page/privacy_page.html
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/browser/resources/settings/privacy_page/privacy_page.js
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/browser/resources/settings/route.js
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/browser/resources/settings/site_settings/category_default_setting.js
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/browser/resources/settings/site_settings/constants.js
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/browser/resources/settings/site_settings/site_details.html
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/browser/resources/settings/site_settings/site_details.js
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/browser/resources/settings/site_settings_page/site_settings_page.html
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/browser/resources/settings/site_settings_page/site_settings_page.js
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/browser/ui/webui/settings/md_settings_localized_strings_provider.cc
[modify] https://crrev.com/6c696f2cd3a52fc22bcd389930f1edccfb29da8d/chrome/test/data/webui/settings/site_details_tests.js
