The Web Payments SDK is preparing to drop support for insecure HTTP contexts. This restriction will be activated in October 2025. For more information about creating a secure context in your application, read the Mozilla Secure contexts article.
Significant improvements have been made to enhance the accessibility of the payment forms, ensuring a better experience for users who rely on screen readers and assistive technologies.
- All payment iframes now include fully accessible titles.
- All payment fields offer fully accessible validation messages.
- Postal code input is now hidden from screen readers when the field is visually hidden on the card form.
- Aria-invalid is only set on
tokenize(). - The card brand icon is made accessible to screen readers.
- ApplePay documentation recommends the use of the
<button>tag for clickable Apple Pay elements.
Error handling is strengthened across multiple payment methods, focusing on common edge cases in Google Pay, Apple Pay, and Cash App Pay integrations.
- Improved error handling when Google Pay is canceled.
- Improved error handling when Apple Pay is used with a delay between a button click and a
tokenize()call. - Improved error handling for buyer verification.
- Improved error handling when Apple Pay is initialized from an insecure HTTP context.
- Improved error handling when Cash App Pay is initialized with an invalid redirect URL.
Several technical updates have been made to streamline ACH configuration, modify token status responses, and update credit card form appearance.
- The
ach()method no longer requires aredirectURIoption and thetransactionIdoption is optional. - The token status types have been updated to return a string rather than an unusable enumeration.
- The credit card form has been updated to use a monospaced font variant.