load-end-security-check: a payment app that has contains an image of an external http origin but does not trigger insecure content alert because the app uses long polling to block the page from finish. This app demos how circumventing the security check is possible.
navigation: a payment app that contains a navigation tester.
merchant-side navigation: a payment app that allows merchant to open any url as a payment handler.
open-in-new-tab: a payment app that opens a url in a new window.
open-window-external-origin: a payment app that calls openWindow for an external https url as a payment app url.
open-window-nonexistent-url: a payment app that calls openWindow for an non-existent https url as a payment app url.
permissions: a payment app that request permissions
redirect: a payment app that redirects itself to a http url.
redirect-same-origin: a payment app that redirects itself to a url of the local origin.
theme-color: an app that paints the toolbar into black.