The payment form must be generated on a webpage that uses HTTPS, with one exception: you can test on localhost without using HTTPS.
I have added a warning, when a payment form is loaded over HTTP on non-localhosts:
The payment form must be generated on a webpage that uses HTTPS, with one exception: you can test on localhost without using HTTPS.
I have added a warning, when a payment form is loaded over HTTP on non-localhosts: