Hi developers,
From version 89, Chrome will limit the web-based payment handler navigations to the following MIME types:
text/*
image/*
video/*
application/javascript
application/xml
application/json
Specifically, Chrome throttles these payment handler navigations by inspecting the response headers of these navigations. This applies to main frames and iframes. If the frame is navigating to a page whose MIME type is not in the above-mentioned list, this navigation will be blocked.
By protecting users from the vulnerabilities of the lesser maintained MIME types, the change will make payment handlers safer to use. We anticipate that the allow list should satisfy a majority of needs. If you find other MIME types necessary for payment handlers, please advise paymen...@chromium.org.
Thanks,
Max