Apple Pay Payment Request API iframe

Question

There is a page with implemented payment request api, it has an Applepay button and everything works. But as soon as the page is embedded in the iframe, a SecurityError error occurs: Trying to start an Apple Pay session from a document with an different security origin than its top-level frame.

Attribute allowpaymentrequest = 'true'

The allowPaymentRequest property of the HTMLIFrameElement interface returns a Boolean indicating whether the Payment Request API may be invoked on a cross-origin iframe.

Both pages are https.

example.com:

            const applePayMethod = {
                supportedMethods: "https://apple.com/apple-pay",
                data: {
                    version: 3,
                    merchantIdentifier: "somemerchantid",
                    merchantCapabilities: ["supports3DS",],
                    supportedNetworks: ["masterCard", "visa"],
                    countryCode: "US",
                },
            };

            const paymentDetails = {
                total: {
                    label: "My Merchant",
                    amount: { value: "27.50", currency: "USD" },
                },
            }

            try {
                const request = new PaymentRequest([applePayMethod], paymentDetails, {});

                const response = await request.show();
                const status = processResponse(response);
                response.complete(status);
            } catch (e) {
                console.log(e)
            }  

code-with-iframe.com

<iframe allowpaymentrequest='true' src="https://example.com/" frameborder="0"></iframe>

Answer 1

Allowpaymentrequest attribute is deprecated, no longer supported from browsers

See more here

Answer 2

It should be possible now as of Safari 17.0 using the "allow=payment" attribute like this:

<iframe
  src="https://cross-origin.example"
  allow="payment">
</iframe>

https://www.w3.org/TR/payment-request-1.1/#using-with-cross-origin-iframes