{"_id":"53de653284ab2b1c5eb2dd79","project":"53de5ae684ab2b1c5eb2dd6b","user":"53de5a0384ab2b1c5eb2dd6a","__v":0,"comments":[],"is_link":false,"category":{"_id":"53de5ae684ab2b1c5eb2dd6f","pages":["53de638784ab2b1c5eb2dd77","53de653284ab2b1c5eb2dd79","53de86be84ab2b1c5eb2dd7b"],"project":"53de5ae684ab2b1c5eb2dd6b","version":"53de5ae684ab2b1c5eb2dd6e","__v":5,"sync":{"url":"","isSync":false},"reference":true,"createdAt":"2014-08-03T15:53:10.868Z","from_sync":false,"order":0,"slug":"documentation","title":"Documentation"},"tags":[],"version":{"_id":"53de5ae684ab2b1c5eb2dd6e","__v":3,"project":"53de5ae684ab2b1c5eb2dd6b","createdAt":"2014-08-03T15:53:10.797Z","releaseDate":"2014-08-03T15:53:10.797Z","categories":["53de5ae684ab2b1c5eb2dd6f","53de5fed84ab2b1c5eb2dd72","53de61e584ab2b1c5eb2dd75"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2014-08-03T16:37:06.636Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"auth":"required","params":[],"url":""},"isReference":true,"order":1,"body":"One of the coolest features of Address Picker is that the user's address is shared across every site they visit. If they check out on Site A, their addresses will be available on Site B. This will potentially save a ton of time – like Chrome Autofill on steroids.\n\nHowever, we don't want to leak the user's addresses to any site using the widget. We only want the site to get access to an address if the user wants it to have it.\n\nSo, we use an iFrame. The browser won't let the parent element access the child element, so we are able to safely store addresses for a user until they intentionally select it from the drop down.","excerpt":"Security matters","slug":"security","type":"basic","title":"Security"}

Security

Security matters

One of the coolest features of Address Picker is that the user's address is shared across every site they visit. If they check out on Site A, their addresses will be available on Site B. This will potentially save a ton of time – like Chrome Autofill on steroids. However, we don't want to leak the user's addresses to any site using the widget. We only want the site to get access to an address if the user wants it to have it. So, we use an iFrame. The browser won't let the parent element access the child element, so we are able to safely store addresses for a user until they intentionally select it from the drop down.