"allowed to use" check is incorrect

[bzbarsky]

PaymentRequest constructor, step 3.3, says:

If any ancestor browsing context of context has an active document with an origin that is not the same as origin and context's browsing context container's node document is not allowed to use the feature indicated by attribute name allowpaymentrequest, then throw a SecurityError.

So this will check whether the parent document is allowed to use the feature. Shouldn't we be checking whether this document is allowed to use the feature?

[sideshowbarker]

So this will check whether the parent document is allowed to use the feature. Shouldn't we be checking whether this document is allowed to use the feature?

Yes. See #359 (comment). #324 and #332 still need to be fixed—the entire paragraph quoted in the issue description here needs to be revisited/rewritten. It’s not implementable as currently specced.

[sideshowbarker]

Yes. See #359 (comment). #324 and #332 still need to be fixed—the entire paragraph quoted in the issue description here needs to be revisited/rewritten. It’s not implementable as currently specced.

oofs, ignore what I said there—I didn’t realize til just now that the paragraph quoted in the issue description is new from the 056e9f4 change intended to fix #324 and #332.