As a developers we need a possibility to modify the Content-Security-Policies to handle No Card Present payment provider scenarios for Hybrid Store Commerce Application.

Without this it is not possible to open an iframe from payment provider.

Similiar functionality already exists for e-Commerce web application.