This is a rare occurrence on our site, having only detected 4 instances of it over the past few weeks, where 10s of thousands of transactions have occurred successfully.
We only call the following PaymentRequest API onClick
from the <apple-pay-button>
:
async function startApplePay(merchantIdentifier, amount) {
...
try {
const request = new PaymentRequest([ applePayMethod ], paymentDetails);
...
catch (e) {
// cancel, just stay here
if (e.name === "AbortError") {
if (consoleLog) console.log("Payment canceled", e);
logServer("INFO", "Payment canceled");
}
else {
handleError("Error caught: " + e.name + ", " + e.cause + ", " + e.message);
}
}
Where the "handleError" else
case is what gets triggered:
Error caught: SecurityError, undefined, show() must be triggered by user activation.
All 4 instances have been from iPads, but with that small of a sample size, we can't tell whether that's relevant or coincidence. Different iOS versions, but looks like same Safari version.
Here are the 4 User Agents we've seen thus far:
Mozilla/5.0 (iPad; CPU OS 18_2_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/352.0.715618234 Mobile/15E148 Safari/604.1
Mozilla/5.0 (iPad; CPU OS 17_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/352.0.715618234 Mobile/15E148 Safari/604.1
Mozilla/5.0 (iPad; CPU OS 18_3_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/133.0.6943.33 Mobile/15E148 Safari/604.1
Mozilla/5.0 (iPad; CPU OS 18_2_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/133.0.6943.33 Mobile/15E148 Safari/604.1