The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/27b00e37a69572423886c4d551b6a54eaf774d39

commit 27b00e37a69572423886c4d551b6a54eaf774d39
Author: Rouslan Solomakhin <rouslan@chromium.org>
Date: Tue Aug 22 18:28:26 2017

[Payments][iOS] More robust context security check.

Before this patch, Chrome allowed construction of PaymentRequest
JavaScript object on iOS in an insecure context (e.g., http instead of
https), if constructed before Chrome has had the chance to send the
"context security" bit to the JavaScript shim.

This patch adds rudimentary origin security check to the JavaScript
shim, which is used only if the "context security" bit has not been set
yet (i.e., only very early in page initialization).

After this patch, Chrome denies construction of PaymentRequest
JavaScript on iOS in an insecure context, even if constructed before
Chrome has had the chance to send the "context security" bit to the
JavaScript shim.

Bug:  756064 
Change-Id: I0688109273dd615ca17857b22caadbced7231b93
Reviewed-on: https://chromium-review.googlesource.com/617022
Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
Reviewed-by: mahmadi (Moe) <mahmadi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#496376}
[modify] https://crrev.com/27b00e37a69572423886c4d551b6a54eaf774d39/ios/chrome/browser/web/resources/payment_request.js