Index: third_party/WebKit/Source/modules/payments/PaymentRequest.cpp |
diff --git a/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp b/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp |
index 77c01005b8f9a30f8e63f05567013cc64196e55b..49ab6bb0cfdf109ef4ecff3aff69c5b059a47e40 100644 |
--- a/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp |
+++ b/third_party/WebKit/Source/modules/payments/PaymentRequest.cpp |
@@ -301,13 +301,16 @@ PaymentRequest::PaymentRequest(ScriptState* scriptState, const Vector<String>& s |
, m_options(options) |
, m_clientBinding(this) |
{ |
- // TODO(rouslan): Also check for a top-level browsing context. |
- // https://github.com/w3c/browser-payment-api/issues/2 |
if (!scriptState->getExecutionContext()->isSecureContext()) { |
exceptionState.throwSecurityError("Must be in a secure context"); |
return; |
} |
+ if (!scriptState->domWindow()->frame() || !scriptState->domWindow()->frame()->isMainFrame()) { |
+ exceptionState.throwSecurityError("Must be in a top-level browsing context"); |
+ return; |
+ } |
+ |
if (supportedMethods.isEmpty()) { |
exceptionState.throwTypeError("Must specify at least one payment method identifier"); |
return; |