CSP for Google Pay Integration
Google Pay is one of those integrations that looks tiny in code and then immediately punches a hole through your CSP if you guessed the source list wrong. You add a payment button, load the Google Pay JavaScript, open a payment sheet, and suddenly the browser starts yelling about blocked scripts, frames, or network connections. I’ve dealt with this enough times that I now treat payment integrations as CSP work first and feature work second. ...