Meeting minutes
Proposal to address issue 125 (failed icon download)
smcgruer_[EST]: Proposal is optional input to say "ok if it doesn't download"
… question of whether it's possible to remove a WebIDL field.
John_Bradley: Some concerns about "removal"; zeroing may be more reliable behavior
Doug: What is the status of "placeholder" versus "removal"?
… I would prefer placeholder rather than no icon
Ian: What type of icon do you mean?
Doug: Browser-based
smcgruer_[EST]: I hear 2 things:
a) Did the browser show something or literally nothing?
b) If the browser shows something, it would be a PNG that shipped with the browser.
Doug: From a validator POV, you'd always be able to verify that either the proper card art was shown, or a default logo for the browser was shown.
John: The browser could also use a URL or URN here.
IJ: Is there a difference from the perspective of the validator?
JohN: The merchant can always tamper with the card art URL.
… you need to validate the assertion in all cases
… might make server side processing easier if there's always the same data type (e.g., a URL)
Doug: I think the boolean would be useful for the validator.
Doug: Possibly from a UI perspective I would like to "not see something wrong" (e.g., missing card art)
… I would not want it to look different each time; would like to see a persistent backup.
John_Bradley: The question of "typing" might be why Stripe wanted the member removed rather than being empty; we should get their input.
Rolf: What is the clear statement of the problem?
… is the attack a dynamic URL? Bad icon?
smcgruer_[EST]: The background to the original request for this functionality is that there are users of SPC who do not mind if the card art doesn't show.
… or e.g., CSP policy or other issues got in the way, and callers were ok with failure.
Ian: I suggest decoupling data from UX. And saying UX could / should include generic card art
John_Bradley: Yes, saying "show generic card art" or similar
Ian: It's not necessarily cards.
John_Bradley: Right, generic instrument icon
<smcgruer_[EST]> https://
John_Bradley: I think it's fair to say a generic instrument icon should be displayed when this error happens.
smcgruer_[EST]: I think the PR is ready to go; please leave a comment on the PR.
New issue 172: Opt-out link enhancement
https://
[Stephen summarizes 172]
… Stripe feels that some feature like this is necessary for them to use SPC
John: What is diff between opt-out and cancel?
<Ian> Next meeting: 7 February