PaymentHandler + CSP policy test

This page tests whether the CSP `connect-src` policy applies to PaymentHandler. The connect-src policy on this page only allows self and https://google.com/pay, and so should block the PaymentHandler manifest load after it redirects.

No payment will be processed.