gecko-dev/testing/web-platform/tests/feature-policy/payment-disabled-by-feature-policy.https.sub.html

<!DOCTYPE html>
<body>
  <script src=/resources/testharness.js></script>
  <script src=/resources/testharnessreport.js></script>
  <script src=/feature-policy/resources/featurepolicy.js></script>
  <script>
  'use strict';
  var same_origin_src = '/feature-policy/resources/feature-policy-payment.html';
  var cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
    same_origin_src;
  var header = 'Feature-Policy header {"payment" : []}';

  test(() => {
    var supportedInstruments = [ { supportedMethods: 'visa' } ];
    var details = {
      total: { label: 'Test', amount: { currency: 'USD', value: '5.00' } }
    };
    assert_throws('SecurityError', () => {
      new PaymentRequest(supportedInstruments, details);
    });
  }, header + ' disallows the top-level document.');

  async_test(t => {
    test_feature_availability('PaymentRequest()', t, same_origin_src,
        expect_feature_unavailable_default);
  }, header + ' disallows same-origin iframes.');

  async_test(t => {
    test_feature_availability('PaymentRequest()', t, cross_origin_src,
        expect_feature_unavailable_default,);
  }, header + ' disallows cross-origin iframes.');

  async_test(t => {
    test_feature_availability(
        'PaymentRequest()', t, same_origin_src,
        expect_feature_unavailable_default, undefined, 'allowpaymentrequest');
  }, header + ' allowpaymentrequest=true disallows same-origin iframes.');

  async_test(t => {
    test_feature_availability(
        'PaymentRequest()', t, cross_origin_src,
        expect_feature_unavailable_default, undefined, 'allowpaymentrequest');
  }, header + ' allowpaymentrequest=true disallows cross-origin iframes.');
  </script>
</body>