As of Safari 17 (Release Notes [https://developer.apple.com/documentation/safari-release-notes/safari-17-release-notes#Apple-Pay]), ApplePay is supported within cross-origin iframes with the allow="payment" attribute. This attribute enables apple pay inside of nested iframes, so long as the each frame in the chain has this same allow="payment" attribute. Unfortunately, ApplePay can only be initialized using the top-level domain (https://developer.apple.com/documentation/apple_pay_on_the_web/applepaysession/1778021-onvalidatemerchant). The `onvalidatemerchant` call seems to always look at the top-level domain. This is discussed in detail on this GitHub thread: https://github.com/stripe/stripe-js/issues/484#issuecomment-1973933139 In my view, this defeats the purpose of the new allow="payment" attribute, as the parent frame must always be whitelisted under the domain of the child (assuming the child frame is the ApplePay Merchant). It would be best to use the child frame if the allow="payment" attribute is present. Happy to provide more details if needed.
<rdar://problem/125574910>
Can you share reproducible test case or reduction to allow us to reproduce the issue?
I tried following: https://stripe-payments-demo.appspot.com With Safari 17.4 and it seems to work with random test data.
(In reply to Ahmad Saleem from comment #3) > I tried following: > > https://stripe-payments-demo.appspot.com > > With Safari 17.4 and it seems to work with random test data. https://codepen.io/lambodispatch/pen/VwNyyOW Here is an example In the console you see "You have not registered or verified the domain, so the following payment methods are not enabled in the `paymentRequest`: - apple_pay We have indeed registered the domain for apple pay (see https://checkout-demo.dispatch.co/v1/checkout/001/654d0ed8ea4d425923470263 outside the iframe). You can see the top-level domain being used. I thought this was a Stripe issue but ApplePay actually requires you use the top-level domain or it cannot verify the session.