Author: Andy Alness 2014-05-12 01:05:20
Published on: 2014-05-12T01:05:20+00:00
Andy has proposed amending BIP 70 to suggest implementers include an "Access-Control-Allow-Origin: *" response header for their payment request responses. This would allow pure HTML5 web wallets to use the payment protocol entirely in-browser, without the server hosting the wallet's HTML having to fetch payment requests on the browser's behalf. Andy believes this approach is more elegant and has fewer security/resource implications for the back-end. He does not anticipate any useful attack vectors being opened up by this amendment.
Updated on: 2023-06-08T22:33:56.892584+00:00
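The proposal above, worked through as an added example (not code from BIP 70 or from the original post): a merchant-side response builder that sets the proposed header, next to a simplified model of the CORS check a browser applies before a web wallet's script may read the response. The function names, the `store` map, the sample path and the wallet origin are assumptions made for illustration.

```javascript
// Added example: hypothetical merchant endpoint and a simplified browser CORS check.
const PAYMENT_REQUEST_TYPE = "application/bitcoin-paymentrequest"; // media type defined by BIP 70

// Server side: build the response for a payment request URL.
// `store` maps URL paths to serialized PaymentRequest bytes.
function servePaymentRequest(method, path, store) {
  if (method !== "GET") return { status: 405, headers: { Allow: "GET" }, body: null };
  const body = store.get(path);
  if (!body) return { status: 404, headers: {}, body: null };
  return {
    status: 200,
    headers: {
      "Content-Type": PAYMENT_REQUEST_TYPE,
      // The proposed header: script from any origin may read this response.
      "Access-Control-Allow-Origin": "*",
      // Deliberately no Access-Control-Allow-Credentials. The invoice must be
      // identified by its URL alone, never by a cookie or HTTP authentication.
    },
    body,
  };
}

// Browser side: simplified version of the CORS check applied to a cross-origin fetch().
// credentialsMode mirrors fetch()'s `credentials` option: "omit", "same-origin" or "include".
function browserExposesResponse(pageOrigin, headers, credentialsMode) {
  const allow = headers["Access-Control-Allow-Origin"];
  if (allow === undefined) return false; // no CORS header: script cannot read the body
  if (credentialsMode !== "include") {
    return allow === "*" || allow === pageOrigin;
  }
  // Credentialed requests: the wildcard never matches, and the server
  // must also opt in with Access-Control-Allow-Credentials: true.
  return allow === pageOrigin && headers["Access-Control-Allow-Credentials"] === "true";
}

// Constructed sample data: placeholder bytes, not a real PaymentRequest.
const store = new Map([["/invoice/1234", new Uint8Array([0x08, 0x01])]]);
const WALLET_ORIGIN = "https://wallet.example"; // hypothetical web wallet origin

function demo() {
  const res = servePaymentRequest("GET", "/invoice/1234", store);
  return {
    readableByWallet: browserExposesResponse(WALLET_ORIGIN, res.headers, "same-origin"),
    readableWithCookies: browserExposesResponse(WALLET_ORIGIN, res.headers, "include"),
  };
}
```

Because the wildcard is rejected for credentialed requests, the header only exposes what an unauthenticated client could already fetch directly; an endpoint that selects the payment request from a session cookie would not be covered by it.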