<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=0.5, maximum-scale=0.5, minimum-scale=0.5">
<meta
http-equiv="Content-Security-Policy"
content="default-src 'none'; script-src 'unsafe-eval'; frame-src https://other.example:*"
>
</head>
<body>
<p>This page is a regression test for <a href="https://crbug.com/1055360">
crbug/1055360</a>.</p>
<ul>
<li>Setup:</li>
<ul>
<li>This top-level document has a CSP policy that sets img-src to
'self'</li>
<li>The cross-origin iframe creates a payment request that triggers
JIT
crawling of the payment method manifest hosted at kylepay.test.
</li>
</ul>
<li>Test: if Chrome handles CSP policy correctly, request.canMakePayment()
should return true as the payment method manifest crawl is successful.
</li>
</ul>
<iframe id="test" allow="payment">
</iframe>
</body>
</html>
Codebase Browser
chromium