diff --git a/index.html b/index.html index 7bd92d73..1779785b 100644 --- a/index.html +++ b/index.html @@ -126,7 +126,8 @@

version are as follows. The complete list of changes, including all editorial changes, is viewable in the commit - history. + history. Key set of changes are viewable in the Changelog.

@@ -594,6 +597,29 @@

doPaymentRequest(); +
+

+ Using with cross-origin iframes +

+

+ To indicate that a cross-origin [^iframe^] is allowed to invoke the + payment request API, the [^iframe/allow^] attribute along with the + "payment" keyword can be specified on the [^iframe^] element. +

+ 
+          <iframe
+            src="https://cross-origing.example"
+            allow="payment">
+          </iframe>
+
+

+ If the [^iframe^] will be navigated across multiple origins that + support the Payment Request API, then one can set [^iframe/allow^] to + `"payment *"`. The [[[permissions-policy]]] specification provides + further details and examples. +

+

@@ -3574,18 +3600,6 @@

-
-

- PaymentRequest and iframe elements -

-

- To indicate that a cross-origin [^iframe^] is allowed to invoke the - payment request API, the [^iframe/allowpaymentrequest^] attribute can - be specified on the [^iframe^] element. See [[[#permissions-policy]]] - for details of how [^iframe/allowoaymentrequest=] and - [[[permissions-policy]]] interact. -

-

Permissions Policy integration @@ -3596,7 +3610,7 @@

"">payment". Its default allowlist is 'self'.

-
+
+

@@ -5179,7 +5183,7 @@

It is common for merchants and other payees to delegate checkout and other e-commerce activities to payment service providers through an iframe. This API supports payee-authorized cross-origin - iframes through [[HTML]]'s [^iframe/allowpaymentrequest^] attribute. + iframes through [[HTML]]'s [^iframe/allow^] attribute.

Payment handlers have access to both the origin that hosts the