commit | 16ee55201af94aa06ab450abc0fd3c39bdb31f93 | [log] [tgz] |
---|---|---|
author | Rouslan Solomakhin <rouslan@chromium.org> | Tue Oct 03 19:04:42 2017 |
committer | Commit Bot <commit-bot@chromium.org> | Tue Oct 03 19:04:42 2017 |
tree | d5010baefea7670dd9f8523b2ef524fcc3ca6af5 | |
parent | 2958d0e0dd8c09245f9e40200b2ce0b5df749e53 [diff] |
[Payments] Enforce canMakePayment() quota in incognito mode. Before this patch, calling canMakePayment() on desktop and iOS multiple times with different payment method names and data in incognito mode would always return "true" to preserve user privacy. However, this change in behavior can be used by the website to detect incognito mode, which conflicts with the goals of incognito mode. This patch changes the canMakePayment() implementation to always check the query quota first. If the query quota has been exceeded, the canMakePayment() promise is rejected with NotAllowedError in both normal and incognito browsing modes. After this patch, calling canMakePayment() multiple times with different payment methods and data in incognito mode would return NotAllowedError after the first call. This is identical to the behavior in normal browsing mode. A website can no longer use canMakePayment() to detect incognito mode. Bug: 766973 Change-Id: Ic9bc03769e7846fc639f2a6250091aa511311c39 Reviewed-on: https://chromium-review.googlesource.com/693220 Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org> Reviewed-by: anthonyvd <anthonyvd@chromium.org> Reviewed-by: Moe Ahmadi <mahmadi@chromium.org> Cr-Commit-Position: refs/heads/master@{#506130}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .