form-action test

This form has target="_blank", which means that Chrome will allow a POST to paypal.com in breach of the CSP.

 

This form does not have a target attribute, and Chrome will block the POST to paypal.com in accordance with the CSP.

 

The bug for this can be found here: https://bugs.chromium.org/p/chromium/issues/detail?id=630332
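
An added example, not part of the original test page: a simplified evaluator for the verdict `form-action` should give each of the two forms above, showing that the expected result does not depend on `target`. The policy string, page URL, form list and function names are constructed assumptions, since the page's actual CSP and markup are not shown.

```javascript
// Added example: simplified form-action matcher ('none', 'self', *, scheme and
// host sources only; ports and paths are not handled and fail closed).
function formActionSources(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'form-action') return sources;
  }
  return null; // no form-action directive: submissions are unrestricted
}

function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === pageOrigin;
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// Expected verdict per form. The target attribute plays no part in the match.
function auditForms(policy, pageUrl, forms) {
  const sources = formActionSources(policy);
  const pageOrigin = new URL(pageUrl).origin;
  return forms.map(({ action, target = '' }) => {
    const url = new URL(action, pageUrl);
    const allowed = sources === null ||
      sources.some((s) => sourceMatches(s, url, pageOrigin));
    // Disallowed + target="_blank" is the case this page reports Chrome allowing.
    const verifyInBrowser = !allowed && target.toLowerCase() === '_blank';
    return { action: url.href, allowed, verifyInBrowser };
  });
}

// Constructed sample input: the page's real policy and markup are not shown.
const SAMPLE_POLICY = "default-src 'self'; form-action 'self'";
const SAMPLE_PAGE = 'https://test.example/form-action.html';
const SAMPLE_FORMS = [
  { action: 'https://paypal.com/', target: '_blank' },
  { action: 'https://paypal.com/' },
  { action: '/submit' },
];
console.log(auditForms(SAMPLE_POLICY, SAMPLE_PAGE, SAMPLE_FORMS));
```

Forms flagged `verifyInBrowser` are the ones to submit by hand in the browsers you support, confirming that a CSP violation is actually raised.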