Capability delegation

“Capability delegation” means allowing a frame to relinquish its ability to call a restricted JS API (e.g. popups, fullscreen, Payment Request and transfer the ability to another (sub)frame it can trust.

We are proposing a generic model for capability delegation that could be utilized by any JS APIs after they have defined their own “special case” delegation behavior. The primary use-case we want to support is allowing online shopping websites to outsource payment collection/processing to third-party Payment Service Providers (PSPs).

Details of the proposal appears here:

1 Like

An initial implementation of the API is now available in latest Chrome Canary for testing. To try this API with Payment Request, run Chrome 90.0.4414.0 or newer with the command-line flag --enable-blink-features=CapabilityDelegationPaymentRequest, then open this demo.

Stripe supports this proposal! We would be interested in using capability delegation for PaymentRequest, popups, and Web Authentication.