| <!DOCTYPE html> |
| <body> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/permissions-policy/resources/permissions-policy.js"></script> |
| <script> |
| "use strict"; |
| const same_origin_src = |
| "/permissions-policy/resources/permissions-policy-payment.html"; |
| const cross_origin_src = |
| "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src; |
| const header = 'permissions policy header "payment=()"'; |
| |
| test(() => { |
| const supportedInstruments = [{ supportedMethods: "visa" }]; |
| const details = { |
| total: { |
| label: "Test", |
| amount: { currency: "USD", value: "5.00" }, |
| }, |
| }; |
| assert_throws_dom("SecurityError", () => { |
| new PaymentRequest(supportedInstruments, details); |
| }); |
| }, `${header} disallows Payment Request API in top-level document.`); |
| |
| promise_test((test) => { |
| return test_feature_availability({ |
| feature_description: "PaymentRequest()", |
| test, |
| src: same_origin_src, |
| expect_feature_available: expect_feature_unavailable_default, |
| is_promise_test: true, |
| }); |
| }, `${header} disallows Payment Request API in same-origin iframes.`); |
| |
| promise_test((test) => { |
| return test_feature_availability({ |
| feature_description: "PaymentRequest()", |
| test, |
| src: cross_origin_src, |
| expect_feature_available: expect_feature_unavailable_default, |
| is_promise_test: true, |
| }); |
| }, `${header} disallows Payment Request API in cross-origin iframes.`); |
| </script> |
| </body> |