[Web Payment] No shipping with secure payment confirmation.

Before this patch, invoking PaymentRequest API with secure payment
confirmation method identifier and options to request shipping or
contact information was considered valid.

This patch throws RangeError in PaymentRequest constructor if secure
payment confirmation method identifier is requested together with
shipping or contact information.

After this patch, it's not possible to request secure payment
confirmation method together with shipping or contact information.

Bug: 2348410
Change-Id: I3e01f9b758645a1653533f41da9688c453199b03
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2359554Reviewed-by: Liquan (Max) Gu <maxlg@chromium.org>
Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#798755}

third_party/blink/renderer/modules/payments/payment_request.cc

@@ -681,14 +681,23 @@ void ValidateAndConvertPaymentMethodData(
 
     if (payment_method_data->supportedMethod() ==
             kSecurePaymentConfirmationMethod &&
-        input.size() > 1 &&
         RuntimeEnabledFeatures::SecurePaymentConfirmationEnabled(
             &execution_context)) {
-      exception_state.ThrowRangeError(
-          String(kSecurePaymentConfirmationMethod) +
-          " must be the only payment method identifier specified in the "
-          "PaymentRequest constructor.");
-      return;
+      if (input.size() > 1) {
+        exception_state.ThrowRangeError(
+            String(kSecurePaymentConfirmationMethod) +
+            " must be the only payment method identifier specified in the "
+            "PaymentRequest constructor.");
+        return;
+      } else if (options->requestShipping() || options->requestPayerName() ||
+                 options->requestPayerEmail() || options->requestPayerPhone()) {
+        exception_state.ThrowRangeError(
+            String(kSecurePaymentConfirmationMethod) +
+            " payment method identifier cannot be used with "
+            "\"requestShipping\", \"requestPayerName\", \"requestPayerEmail\", "
+            "or \"requestPayerPhone\" options.");
+        return;
+      }
     }
 
     method_names.insert(payment_method_data->supportedMethod());

third_party/blink/web_tests/external/wpt/payment-request/secure-payment-confirmation.https.html

@@ -50,6 +50,96 @@ test(() => {
   }], details);
 }, 'The timeout field is optional.');
 
+test(() => {
+  assert_throws_js(RangeError, () => {
+    new PaymentRequest([{
+      supportedMethods: 'secure-payment-confirmation',
+      data: {
+        action: 'authenticate',
+        instrumentId: 'x',
+        networkData: Uint8Array.from('x', c => c.charCodeAt(0)),
+        timeout: 60000,
+        fallbackUrl: 'https://fallback.example/url'
+      },
+    }, {supportedMethods: 'basic-card'}], details);
+  });
+}, 'Extra payment method not allowed afterward.');
+
+test(() => {
+  assert_throws_js(RangeError, () => {
+    new PaymentRequest([{supportedMethods: 'basic-card'}, {
+      supportedMethods: 'secure-payment-confirmation',
+      data: {
+        action: 'authenticate',
+        instrumentId: 'x',
+        networkData: Uint8Array.from('x', c => c.charCodeAt(0)),
+        timeout: 60000,
+        fallbackUrl: 'https://fallback.example/url'
+      },
+    }], details);
+  });
+}, 'Extra payment method not allowed beforehand.');
+
+test(() => {
+  assert_throws_js(RangeError, () => {
+    new PaymentRequest([{
+      supportedMethods: 'secure-payment-confirmation',
+      data: {
+        action: 'authenticate',
+        instrumentId: 'x',
+        networkData: Uint8Array.from('x', c => c.charCodeAt(0)),
+        timeout: 60000,
+        fallbackUrl: 'https://fallback.example/url'
+      },
+    }], details, {requestShipping: true});
+  });
+}, 'Cannot request shipping information.');
+
+test(() => {
+  assert_throws_js(RangeError, () => {
+    new PaymentRequest([{
+      supportedMethods: 'secure-payment-confirmation',
+      data: {
+        action: 'authenticate',
+        instrumentId: 'x',
+        networkData: Uint8Array.from('x', c => c.charCodeAt(0)),
+        timeout: 60000,
+        fallbackUrl: 'https://fallback.example/url'
+      },
+    }], details, {requestPayerName: true});
+  });
+}, 'Cannot request payer name.');
+
+test(() => {
+  assert_throws_js(RangeError, () => {
+    new PaymentRequest([{
+      supportedMethods: 'secure-payment-confirmation',
+      data: {
+        action: 'authenticate',
+        instrumentId: 'x',
+        networkData: Uint8Array.from('x', c => c.charCodeAt(0)),
+        timeout: 60000,
+        fallbackUrl: 'https://fallback.example/url'
+      },
+    }], details, {requestPayerEmail: true});
+  });
+}, 'Cannot request payer email.');
+
+test(() => {
+  assert_throws_js(RangeError, () => {
+    new PaymentRequest([{
+      supportedMethods: 'secure-payment-confirmation',
+      data: {
+        action: 'authenticate',
+        instrumentId: 'x',
+        networkData: Uint8Array.from('x', c => c.charCodeAt(0)),
+        timeout: 60000,
+        fallbackUrl: 'https://fallback.example/url'
+      },
+    }], details, {requestPayerPhone: true});
+  });
+}, 'Cannot request payer phone.');
+
 test(() => {
   assert_throws_js(TypeError, () => {
     new PaymentRequest([{