@cimplify/sdk 0.7.5 → 0.7.7

package/dist/advanced.d.mts

@@ -1,4 +1,4 @@
-export { A as AuthService, B as BusinessService, i as CartOperations, b as CatalogueQueries, j as CheckoutOperations, j as CheckoutService, t as CimplifyElement, s as CimplifyElements, v as ELEMENT_TYPES, E as EVENT_TYPES, z as ElementEventType, x as ElementOptions, y as ElementType, w as ElementsOptions, F as FetchQuoteInput, q as FxService, G as GetProductsOptions, I as InventoryService, L as LinkService, p as LiteService, M as MESSAGE_TYPES, O as OrderQueries, P as PriceQuote, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, f as QuoteDynamicBuckets, e as QuoteStatus, g as QuoteUiMessage, R as RefreshQuoteInput, h as RefreshQuoteResult, o as SchedulingService, S as SearchOptions, u as createElements, k as generateIdempotencyKey } from './client-DvoI0EIX.mjs';
+export { A as AuthService, B as BusinessService, i as CartOperations, b as CatalogueQueries, j as CheckoutOperations, j as CheckoutService, t as CimplifyElement, s as CimplifyElements, v as ELEMENT_TYPES, E as EVENT_TYPES, z as ElementEventType, x as ElementOptions, y as ElementType, w as ElementsOptions, F as FetchQuoteInput, q as FxService, G as GetProductsOptions, I as InventoryService, L as LinkService, p as LiteService, M as MESSAGE_TYPES, O as OrderQueries, P as PriceQuote, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, f as QuoteDynamicBuckets, e as QuoteStatus, g as QuoteUiMessage, R as RefreshQuoteInput, h as RefreshQuoteResult, o as SchedulingService, S as SearchOptions, u as createElements, k as generateIdempotencyKey } from './client-DsmJAS8Q.mjs';
 import './payment-CLIWNMaP.mjs';
 
 type Operator = "==" | "!=" | ">" | "<" | ">=" | "<=" | "contains" | "startsWith";

package/dist/advanced.d.ts

@@ -1,4 +1,4 @@
-export { A as AuthService, B as BusinessService, i as CartOperations, b as CatalogueQueries, j as CheckoutOperations, j as CheckoutService, t as CimplifyElement, s as CimplifyElements, v as ELEMENT_TYPES, E as EVENT_TYPES, z as ElementEventType, x as ElementOptions, y as ElementType, w as ElementsOptions, F as FetchQuoteInput, q as FxService, G as GetProductsOptions, I as InventoryService, L as LinkService, p as LiteService, M as MESSAGE_TYPES, O as OrderQueries, P as PriceQuote, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, f as QuoteDynamicBuckets, e as QuoteStatus, g as QuoteUiMessage, R as RefreshQuoteInput, h as RefreshQuoteResult, o as SchedulingService, S as SearchOptions, u as createElements, k as generateIdempotencyKey } from './client-CIvQ1ZLZ.js';
+export { A as AuthService, B as BusinessService, i as CartOperations, b as CatalogueQueries, j as CheckoutOperations, j as CheckoutService, t as CimplifyElement, s as CimplifyElements, v as ELEMENT_TYPES, E as EVENT_TYPES, z as ElementEventType, x as ElementOptions, y as ElementType, w as ElementsOptions, F as FetchQuoteInput, q as FxService, G as GetProductsOptions, I as InventoryService, L as LinkService, p as LiteService, M as MESSAGE_TYPES, O as OrderQueries, P as PriceQuote, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, f as QuoteDynamicBuckets, e as QuoteStatus, g as QuoteUiMessage, R as RefreshQuoteInput, h as RefreshQuoteResult, o as SchedulingService, S as SearchOptions, u as createElements, k as generateIdempotencyKey } from './client-Rr78TLMS.js';
 import './payment-CLIWNMaP.js';
 
 type Operator = "==" | "!=" | ">" | "<" | ">=" | "<=" | "contains" | "startsWith";

package/dist/advanced.js

@@ -2186,6 +2186,12 @@ function toCheckoutError(code, message, recoverable) {
   };
 }
 var DEFAULT_LINK_URL = "https://link.cimplify.io";
+function generateNonce() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID().replace(/-/g, "").slice(0, 16);
+  }
+  return Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
+}
 function isAllowedOrigin(origin) {
   try {
     const url = new URL(origin);
@@ -2560,6 +2566,7 @@ var CimplifyElement = class {
     this.linkUrl = linkUrl;
     this.options = options;
     this.parent = parent;
+    this.nonce = generateNonce();
     this.boundHandleMessage = this.handleMessage.bind(this);
     if (typeof window !== "undefined") {
       window.addEventListener("message", this.boundHandleMessage);
@@ -2646,6 +2653,7 @@ var CimplifyElement = class {
     const iframe = document.createElement("iframe");
     const url = new URL(`${this.linkUrl}/elements/${this.type}`);
     url.searchParams.set("businessId", resolvedBusinessId);
+    url.searchParams.set("nonce", this.nonce);
     if (this.options.prefillEmail) url.searchParams.set("email", this.options.prefillEmail);
     if (this.options.mode) url.searchParams.set("mode", this.options.mode);
     iframe.src = url.toString();
@@ -2681,9 +2689,14 @@ var CimplifyElement = class {
     if (!isAllowedOrigin(event.origin)) {
       return;
     }
-    const iframeWindow = this.iframe?.contentWindow;
-    if (iframeWindow && event.source && event.source !== iframeWindow) {
-      return;
+    const data = event.data;
+    if (data?.nonce) {
+      if (data.nonce !== this.nonce) return;
+    } else {
+      const iframeWindow = this.iframe?.contentWindow;
+      if (iframeWindow && event.source && event.source !== iframeWindow) {
+        return;
+      }
     }
     const message = parseIframeMessage(event.data);
     if (!message) return;

package/dist/advanced.mjs

@@ -2184,6 +2184,12 @@ function toCheckoutError(code, message, recoverable) {
   };
 }
 var DEFAULT_LINK_URL = "https://link.cimplify.io";
+function generateNonce() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID().replace(/-/g, "").slice(0, 16);
+  }
+  return Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
+}
 function isAllowedOrigin(origin) {
   try {
     const url = new URL(origin);
@@ -2558,6 +2564,7 @@ var CimplifyElement = class {
     this.linkUrl = linkUrl;
     this.options = options;
     this.parent = parent;
+    this.nonce = generateNonce();
     this.boundHandleMessage = this.handleMessage.bind(this);
     if (typeof window !== "undefined") {
       window.addEventListener("message", this.boundHandleMessage);
@@ -2644,6 +2651,7 @@ var CimplifyElement = class {
     const iframe = document.createElement("iframe");
     const url = new URL(`${this.linkUrl}/elements/${this.type}`);
     url.searchParams.set("businessId", resolvedBusinessId);
+    url.searchParams.set("nonce", this.nonce);
     if (this.options.prefillEmail) url.searchParams.set("email", this.options.prefillEmail);
     if (this.options.mode) url.searchParams.set("mode", this.options.mode);
     iframe.src = url.toString();
@@ -2679,9 +2687,14 @@ var CimplifyElement = class {
     if (!isAllowedOrigin(event.origin)) {
       return;
     }
-    const iframeWindow = this.iframe?.contentWindow;
-    if (iframeWindow && event.source && event.source !== iframeWindow) {
-      return;
+    const data = event.data;
+    if (data?.nonce) {
+      if (data.nonce !== this.nonce) return;
+    } else {
+      const iframeWindow = this.iframe?.contentWindow;
+      if (iframeWindow && event.source && event.source !== iframeWindow) {
+        return;
+      }
     }
     const message = parseIframeMessage(event.data);
     if (!message) return;

package/dist/{client-DvoI0EIX.d.mts → client-DsmJAS8Q.d.mts}

@@ -2124,6 +2124,7 @@ declare class CimplifyElement {
     private linkUrl;
     private options;
     private parent;
+    private nonce;
     private iframe;
     private container;
     private mounted;

package/dist/{client-CIvQ1ZLZ.d.ts → client-Rr78TLMS.d.ts}

@@ -2124,6 +2124,7 @@ declare class CimplifyElement {
     private linkUrl;
     private options;
     private parent;
+    private nonce;
     private iframe;
     private container;
     private mounted;

package/dist/index.d.mts

@@ -1,4 +1,4 @@
-export { aa as AUTHORIZATION_TYPE, af as AUTH_MUTATION, $ as AbortablePromise, cc as AddressData, cE as AddressInfo, aP as AmountToPay, cn as AuthResponse, A as AuthService, m as AuthStatus, cG as AuthenticatedCustomer, cI as AuthenticatedData, c0 as AvailabilityCheck, c1 as AvailabilityResult, bF as AvailableSlot, bI as Booking, bH as BookingStatus, bJ as BookingWithDetails, b7 as BufferTimes, bm as Business, bA as BusinessHours, bl as BusinessPreferences, B as BusinessService, bz as BusinessSettings, bk as BusinessType, bx as BusinessWithLocations, a3 as CHECKOUT_MODE, ag as CHECKOUT_MUTATION, a6 as CHECKOUT_STEP, ac as CONTACT_TYPE, bQ as CancelBookingInput, bR as CancelBookingResult, b1 as CancelOrderInput, b9 as CancellationPolicy, i as CartOperations, b as CatalogueQueries, aC as CatalogueResult, aD as CatalogueSnapshot, bB as CategoryInfo, bN as CheckSlotAvailabilityInput, bO as CheckSlotAvailabilityResult, cq as CheckoutAddressInfo, cs as CheckoutCustomerInfo, N as CheckoutFormData, a$ as CheckoutInput, D as CheckoutMode, j as CheckoutOperations, H as CheckoutOrderType, J as CheckoutPaymentMethod, V as CheckoutResult, j as CheckoutService, Z as CheckoutStatus, _ as CheckoutStatusContext, K as CheckoutStep, C as CimplifyClient, a as CimplifyConfig, t as CimplifyElement, s as CimplifyElements, a2 as ContactType, c8 as CreateAddressInput, ca as CreateMobileMoneyInput, c3 as Customer, c4 as CustomerAddress, bL as CustomerBooking, bK as CustomerBookingServiceItem, c6 as CustomerLinkPreferences, c5 as CustomerMobileMoney, b6 as CustomerServicePreferences, ak as DEFAULT_COUNTRY, aj as DEFAULT_CURRENCY, ab as DEVICE_TYPE, bG as DayAvailability, bg as DepositResult, a1 as DeviceType, v as ELEMENT_TYPES, E as EVENT_TYPES, cD as ElementAppearance, cN as ElementEventHandler, z as ElementEventType, x as ElementOptions, y as ElementType, cJ as ElementsCheckoutData, cK as ElementsCheckoutResult, cH as ElementsCustomerInfo, w as ElementsOptions, ce as EnrollAndLinkOrderInput, ch as EnrollAndLinkOrderResult, cb as EnrollmentData, an as Err, aO as FeeBearerType, F as FetchQuoteInput, aM as FulfillmentLink, aL as FulfillmentStatus, aK as FulfillmentType, cu as FxQuote, ct as FxQuoteRequest, cv as FxRateResponse, q as FxService, bM as GetAvailableSlotsInput, l as GetOrdersOptions, G as GetProductsOptions, cM as IframeToParentMessage, I as InventoryService, c2 as InventorySummary, ae as LINK_MUTATION, ad as LINK_QUERY, aQ as LineItem, aH as LineType, c7 as LinkData, cg as LinkEnrollResult, L as LinkService, ci as LinkSession, cf as LinkStatusResult, r as LiteBootstrap, p as LiteService, bp as Location, bj as LocationAppointment, b$ as LocationStock, bn as LocationTaxBehavior, bo as LocationTaxOverrides, bs as LocationTimeProfile, by as LocationWithDetails, M as MESSAGE_TYPES, a9 as MOBILE_MONEY_PROVIDER, cd as MobileMoneyData, cr as MobileMoneyDetails, a0 as MobileMoneyProvider, ai as ORDER_MUTATION, a4 as ORDER_TYPE, cC as ObservabilityHooks, am as Ok, aR as Order, aG as OrderChannel, a_ as OrderFilter, aN as OrderFulfillmentSummary, aU as OrderGroup, aY as OrderGroupDetails, aV as OrderGroupPayment, aT as OrderGroupPaymentState, aX as OrderGroupPaymentSummary, aS as OrderHistory, aI as OrderLineState, aJ as OrderLineStatus, aZ as OrderPaymentEvent, O as OrderQueries, aW as OrderSplitDetail, aE as OrderStatus, n as OtpResult, a5 as PAYMENT_METHOD, ah as PAYMENT_MUTATION, a7 as PAYMENT_STATE, a8 as PICKUP_TIME_TYPE, cL as ParentToIframeMessage, cF as PaymentMethodInfo, aF as PaymentState, cp as PickupTime, co as PickupTimeType, P as PriceQuote, bb as PricingOverrides, Y as ProcessAndResolveOptions, W as ProcessCheckoutOptions, X as ProcessCheckoutResult, bZ as ProductStock, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, f as QuoteDynamicBuckets, e as QuoteStatus, g as QuoteUiMessage, R as RefreshQuoteInput, h as RefreshQuoteResult, b2 as RefundOrderInput, b5 as ReminderMethod, b8 as ReminderSettings, cw as RequestContext, cz as RequestErrorEvent, cl as RequestOtpInput, cx as RequestStartEvent, cy as RequestSuccessEvent, bP as RescheduleBookingInput, bS as RescheduleBookingResult, be as ResourceAssignment, al as Result, cA as RetryEvent, ck as RevokeAllSessionsResult, cj as RevokeSessionResult, bu as Room, bc as SchedulingMetadata, bf as SchedulingResult, o as SchedulingService, S as SearchOptions, bC as Service, bT as ServiceAvailabilityParams, bU as ServiceAvailabilityResult, bv as ServiceCharge, ba as ServiceNotes, bh as ServiceScheduleRequest, b3 as ServiceStatus, cB as SessionChangeEvent, bD as Staff, bd as StaffAssignment, b4 as StaffRole, bi as StaffScheduleItem, bX as Stock, bY as StockLevel, bV as StockOwnershipType, bW as StockStatus, bw as StorefrontBootstrap, bt as Table, T as TableInfo, bq as TimeRange, br as TimeRanges, bE as TimeSlot, c9 as UpdateAddressInput, b0 as UpdateOrderStatusInput, U as UpdateProfileInput, b_ as VariantStock, cm as VerifyOtpInput, aA as combine, aB as combineObject, c as createCimplifyClient, u as createElements, ap as err, au as flatMap, ay as fromPromise, k as generateIdempotencyKey, av as getOrElse, ar as isErr, aq as isOk, at as mapError, as as mapResult, ao as ok, ax as toNullable, az as tryCatch, aw as unwrap } from './client-DvoI0EIX.mjs';
+export { aa as AUTHORIZATION_TYPE, af as AUTH_MUTATION, $ as AbortablePromise, cc as AddressData, cE as AddressInfo, aP as AmountToPay, cn as AuthResponse, A as AuthService, m as AuthStatus, cG as AuthenticatedCustomer, cI as AuthenticatedData, c0 as AvailabilityCheck, c1 as AvailabilityResult, bF as AvailableSlot, bI as Booking, bH as BookingStatus, bJ as BookingWithDetails, b7 as BufferTimes, bm as Business, bA as BusinessHours, bl as BusinessPreferences, B as BusinessService, bz as BusinessSettings, bk as BusinessType, bx as BusinessWithLocations, a3 as CHECKOUT_MODE, ag as CHECKOUT_MUTATION, a6 as CHECKOUT_STEP, ac as CONTACT_TYPE, bQ as CancelBookingInput, bR as CancelBookingResult, b1 as CancelOrderInput, b9 as CancellationPolicy, i as CartOperations, b as CatalogueQueries, aC as CatalogueResult, aD as CatalogueSnapshot, bB as CategoryInfo, bN as CheckSlotAvailabilityInput, bO as CheckSlotAvailabilityResult, cq as CheckoutAddressInfo, cs as CheckoutCustomerInfo, N as CheckoutFormData, a$ as CheckoutInput, D as CheckoutMode, j as CheckoutOperations, H as CheckoutOrderType, J as CheckoutPaymentMethod, V as CheckoutResult, j as CheckoutService, Z as CheckoutStatus, _ as CheckoutStatusContext, K as CheckoutStep, C as CimplifyClient, a as CimplifyConfig, t as CimplifyElement, s as CimplifyElements, a2 as ContactType, c8 as CreateAddressInput, ca as CreateMobileMoneyInput, c3 as Customer, c4 as CustomerAddress, bL as CustomerBooking, bK as CustomerBookingServiceItem, c6 as CustomerLinkPreferences, c5 as CustomerMobileMoney, b6 as CustomerServicePreferences, ak as DEFAULT_COUNTRY, aj as DEFAULT_CURRENCY, ab as DEVICE_TYPE, bG as DayAvailability, bg as DepositResult, a1 as DeviceType, v as ELEMENT_TYPES, E as EVENT_TYPES, cD as ElementAppearance, cN as ElementEventHandler, z as ElementEventType, x as ElementOptions, y as ElementType, cJ as ElementsCheckoutData, cK as ElementsCheckoutResult, cH as ElementsCustomerInfo, w as ElementsOptions, ce as EnrollAndLinkOrderInput, ch as EnrollAndLinkOrderResult, cb as EnrollmentData, an as Err, aO as FeeBearerType, F as FetchQuoteInput, aM as FulfillmentLink, aL as FulfillmentStatus, aK as FulfillmentType, cu as FxQuote, ct as FxQuoteRequest, cv as FxRateResponse, q as FxService, bM as GetAvailableSlotsInput, l as GetOrdersOptions, G as GetProductsOptions, cM as IframeToParentMessage, I as InventoryService, c2 as InventorySummary, ae as LINK_MUTATION, ad as LINK_QUERY, aQ as LineItem, aH as LineType, c7 as LinkData, cg as LinkEnrollResult, L as LinkService, ci as LinkSession, cf as LinkStatusResult, r as LiteBootstrap, p as LiteService, bp as Location, bj as LocationAppointment, b$ as LocationStock, bn as LocationTaxBehavior, bo as LocationTaxOverrides, bs as LocationTimeProfile, by as LocationWithDetails, M as MESSAGE_TYPES, a9 as MOBILE_MONEY_PROVIDER, cd as MobileMoneyData, cr as MobileMoneyDetails, a0 as MobileMoneyProvider, ai as ORDER_MUTATION, a4 as ORDER_TYPE, cC as ObservabilityHooks, am as Ok, aR as Order, aG as OrderChannel, a_ as OrderFilter, aN as OrderFulfillmentSummary, aU as OrderGroup, aY as OrderGroupDetails, aV as OrderGroupPayment, aT as OrderGroupPaymentState, aX as OrderGroupPaymentSummary, aS as OrderHistory, aI as OrderLineState, aJ as OrderLineStatus, aZ as OrderPaymentEvent, O as OrderQueries, aW as OrderSplitDetail, aE as OrderStatus, n as OtpResult, a5 as PAYMENT_METHOD, ah as PAYMENT_MUTATION, a7 as PAYMENT_STATE, a8 as PICKUP_TIME_TYPE, cL as ParentToIframeMessage, cF as PaymentMethodInfo, aF as PaymentState, cp as PickupTime, co as PickupTimeType, P as PriceQuote, bb as PricingOverrides, Y as ProcessAndResolveOptions, W as ProcessCheckoutOptions, X as ProcessCheckoutResult, bZ as ProductStock, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, f as QuoteDynamicBuckets, e as QuoteStatus, g as QuoteUiMessage, R as RefreshQuoteInput, h as RefreshQuoteResult, b2 as RefundOrderInput, b5 as ReminderMethod, b8 as ReminderSettings, cw as RequestContext, cz as RequestErrorEvent, cl as RequestOtpInput, cx as RequestStartEvent, cy as RequestSuccessEvent, bP as RescheduleBookingInput, bS as RescheduleBookingResult, be as ResourceAssignment, al as Result, cA as RetryEvent, ck as RevokeAllSessionsResult, cj as RevokeSessionResult, bu as Room, bc as SchedulingMetadata, bf as SchedulingResult, o as SchedulingService, S as SearchOptions, bC as Service, bT as ServiceAvailabilityParams, bU as ServiceAvailabilityResult, bv as ServiceCharge, ba as ServiceNotes, bh as ServiceScheduleRequest, b3 as ServiceStatus, cB as SessionChangeEvent, bD as Staff, bd as StaffAssignment, b4 as StaffRole, bi as StaffScheduleItem, bX as Stock, bY as StockLevel, bV as StockOwnershipType, bW as StockStatus, bw as StorefrontBootstrap, bt as Table, T as TableInfo, bq as TimeRange, br as TimeRanges, bE as TimeSlot, c9 as UpdateAddressInput, b0 as UpdateOrderStatusInput, U as UpdateProfileInput, b_ as VariantStock, cm as VerifyOtpInput, aA as combine, aB as combineObject, c as createCimplifyClient, u as createElements, ap as err, au as flatMap, ay as fromPromise, k as generateIdempotencyKey, av as getOrElse, ar as isErr, aq as isOk, at as mapError, as as mapResult, ao as ok, ax as toNullable, az as tryCatch, aw as unwrap } from './client-DsmJAS8Q.mjs';
 export { QueryBuilder, query } from './advanced.mjs';
 import { A as ApiError } from './payment-CLIWNMaP.mjs';
 export { B as AddOn, at as AddOnDetails, aP as AddOnGroupDetails, G as AddOnOption, aO as AddOnOptionDetails, H as AddOnOptionPrice, F as AddOnWithOptions, aU as AddToCartInput, ai as AdjustmentType, ap as AppliedDiscount, a_ as AuthorizationType, ao as BenefitType, T as Bundle, Y as BundleComponentData, _ as BundleComponentInfo, R as BundlePriceType, W as BundleProduct, ay as BundleSelectionData, aw as BundleSelectionInput, ax as BundleStoredSelection, U as BundleSummary, X as BundleWithDetails, aD as Cart, au as CartAddOn, ag as CartChannel, aE as CartItem, aR as CartItemDetails, af as CartStatus, aW as CartSummary, aF as CartTotals, K as Category, L as CategorySummary, an as ChosenPrice, h as CimplifyError, N as Collection, Q as CollectionProduct, O as CollectionSummary, a4 as ComponentGroup, a5 as ComponentGroupWithComponents, a9 as ComponentPriceBreakdown, a7 as ComponentSelectionInput, a1 as ComponentSourceType, a2 as Composite, a6 as CompositeComponent, aA as CompositePriceBreakdown, a8 as CompositePriceResult, $ as CompositePricingMode, aB as CompositeSelectionData, a7 as CompositeSelectionInput, az as CompositeStoredSelection, a3 as CompositeWithDetails, b as Currency, C as CurrencyCode, p as DepositType, D as DigitalProductType, aq as DiscountBreakdown, ar as DiscountDetails, aI as DisplayAddOn, aJ as DisplayAddOnOption, aG as DisplayCart, aH as DisplayCartItem, g as ERROR_HINTS, E as ErrorCode, e as ErrorCodeType, f as ErrorHint, a0 as GroupPricingBehavior, b2 as InitializePaymentResult, I as InventoryType, aC as LineConfiguration, ac as LocationProductPrice, M as Money, d as Pagination, P as PaginationParams, b1 as Payment, b5 as PaymentErrorDetails, b0 as PaymentMethod, aZ as PaymentMethodType, a$ as PaymentProcessingState, aY as PaymentProvider, b3 as PaymentResponse, aX as PaymentStatus, b4 as PaymentStatusResponse, ab as Price, aj as PriceAdjustment, am as PriceDecisionPath, aa as PriceEntryType, al as PricePathTaxInfo, ah as PriceSource, q as Product, J as ProductAddOn, ad as ProductAvailability, o as ProductRenderHint, ae as ProductTimeProfile, n as ProductType, s as ProductVariant, x as ProductVariantValue, r as ProductWithDetails, S as SalesChannel, as as SelectedAddOnOption, b6 as SubmitAuthorizationInput, ak as TaxPathComponent, aS as UICart, aK as UICartBusiness, aM as UICartCustomer, aL as UICartLocation, aN as UICartPricing, aT as UICartResponse, aV as UpdateCartItemInput, u as VariantAxis, z as VariantAxisSelection, w as VariantAxisValue, v as VariantAxisWithValues, av as VariantDetails, aQ as VariantDetailsDTO, t as VariantDisplayAttribute, y as VariantLocationAvailability, V as VariantStrategy, Z as ZERO, c as currencyCode, k as enrichError, j as getErrorHint, i as isCimplifyError, l as isRetryableError, m as money, a as moneyFromNumber } from './payment-CLIWNMaP.mjs';

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { aa as AUTHORIZATION_TYPE, af as AUTH_MUTATION, $ as AbortablePromise, cc as AddressData, cE as AddressInfo, aP as AmountToPay, cn as AuthResponse, A as AuthService, m as AuthStatus, cG as AuthenticatedCustomer, cI as AuthenticatedData, c0 as AvailabilityCheck, c1 as AvailabilityResult, bF as AvailableSlot, bI as Booking, bH as BookingStatus, bJ as BookingWithDetails, b7 as BufferTimes, bm as Business, bA as BusinessHours, bl as BusinessPreferences, B as BusinessService, bz as BusinessSettings, bk as BusinessType, bx as BusinessWithLocations, a3 as CHECKOUT_MODE, ag as CHECKOUT_MUTATION, a6 as CHECKOUT_STEP, ac as CONTACT_TYPE, bQ as CancelBookingInput, bR as CancelBookingResult, b1 as CancelOrderInput, b9 as CancellationPolicy, i as CartOperations, b as CatalogueQueries, aC as CatalogueResult, aD as CatalogueSnapshot, bB as CategoryInfo, bN as CheckSlotAvailabilityInput, bO as CheckSlotAvailabilityResult, cq as CheckoutAddressInfo, cs as CheckoutCustomerInfo, N as CheckoutFormData, a$ as CheckoutInput, D as CheckoutMode, j as CheckoutOperations, H as CheckoutOrderType, J as CheckoutPaymentMethod, V as CheckoutResult, j as CheckoutService, Z as CheckoutStatus, _ as CheckoutStatusContext, K as CheckoutStep, C as CimplifyClient, a as CimplifyConfig, t as CimplifyElement, s as CimplifyElements, a2 as ContactType, c8 as CreateAddressInput, ca as CreateMobileMoneyInput, c3 as Customer, c4 as CustomerAddress, bL as CustomerBooking, bK as CustomerBookingServiceItem, c6 as CustomerLinkPreferences, c5 as CustomerMobileMoney, b6 as CustomerServicePreferences, ak as DEFAULT_COUNTRY, aj as DEFAULT_CURRENCY, ab as DEVICE_TYPE, bG as DayAvailability, bg as DepositResult, a1 as DeviceType, v as ELEMENT_TYPES, E as EVENT_TYPES, cD as ElementAppearance, cN as ElementEventHandler, z as ElementEventType, x as ElementOptions, y as ElementType, cJ as ElementsCheckoutData, cK as ElementsCheckoutResult, cH as ElementsCustomerInfo, w as ElementsOptions, ce as EnrollAndLinkOrderInput, ch as EnrollAndLinkOrderResult, cb as EnrollmentData, an as Err, aO as FeeBearerType, F as FetchQuoteInput, aM as FulfillmentLink, aL as FulfillmentStatus, aK as FulfillmentType, cu as FxQuote, ct as FxQuoteRequest, cv as FxRateResponse, q as FxService, bM as GetAvailableSlotsInput, l as GetOrdersOptions, G as GetProductsOptions, cM as IframeToParentMessage, I as InventoryService, c2 as InventorySummary, ae as LINK_MUTATION, ad as LINK_QUERY, aQ as LineItem, aH as LineType, c7 as LinkData, cg as LinkEnrollResult, L as LinkService, ci as LinkSession, cf as LinkStatusResult, r as LiteBootstrap, p as LiteService, bp as Location, bj as LocationAppointment, b$ as LocationStock, bn as LocationTaxBehavior, bo as LocationTaxOverrides, bs as LocationTimeProfile, by as LocationWithDetails, M as MESSAGE_TYPES, a9 as MOBILE_MONEY_PROVIDER, cd as MobileMoneyData, cr as MobileMoneyDetails, a0 as MobileMoneyProvider, ai as ORDER_MUTATION, a4 as ORDER_TYPE, cC as ObservabilityHooks, am as Ok, aR as Order, aG as OrderChannel, a_ as OrderFilter, aN as OrderFulfillmentSummary, aU as OrderGroup, aY as OrderGroupDetails, aV as OrderGroupPayment, aT as OrderGroupPaymentState, aX as OrderGroupPaymentSummary, aS as OrderHistory, aI as OrderLineState, aJ as OrderLineStatus, aZ as OrderPaymentEvent, O as OrderQueries, aW as OrderSplitDetail, aE as OrderStatus, n as OtpResult, a5 as PAYMENT_METHOD, ah as PAYMENT_MUTATION, a7 as PAYMENT_STATE, a8 as PICKUP_TIME_TYPE, cL as ParentToIframeMessage, cF as PaymentMethodInfo, aF as PaymentState, cp as PickupTime, co as PickupTimeType, P as PriceQuote, bb as PricingOverrides, Y as ProcessAndResolveOptions, W as ProcessCheckoutOptions, X as ProcessCheckoutResult, bZ as ProductStock, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, f as QuoteDynamicBuckets, e as QuoteStatus, g as QuoteUiMessage, R as RefreshQuoteInput, h as RefreshQuoteResult, b2 as RefundOrderInput, b5 as ReminderMethod, b8 as ReminderSettings, cw as RequestContext, cz as RequestErrorEvent, cl as RequestOtpInput, cx as RequestStartEvent, cy as RequestSuccessEvent, bP as RescheduleBookingInput, bS as RescheduleBookingResult, be as ResourceAssignment, al as Result, cA as RetryEvent, ck as RevokeAllSessionsResult, cj as RevokeSessionResult, bu as Room, bc as SchedulingMetadata, bf as SchedulingResult, o as SchedulingService, S as SearchOptions, bC as Service, bT as ServiceAvailabilityParams, bU as ServiceAvailabilityResult, bv as ServiceCharge, ba as ServiceNotes, bh as ServiceScheduleRequest, b3 as ServiceStatus, cB as SessionChangeEvent, bD as Staff, bd as StaffAssignment, b4 as StaffRole, bi as StaffScheduleItem, bX as Stock, bY as StockLevel, bV as StockOwnershipType, bW as StockStatus, bw as StorefrontBootstrap, bt as Table, T as TableInfo, bq as TimeRange, br as TimeRanges, bE as TimeSlot, c9 as UpdateAddressInput, b0 as UpdateOrderStatusInput, U as UpdateProfileInput, b_ as VariantStock, cm as VerifyOtpInput, aA as combine, aB as combineObject, c as createCimplifyClient, u as createElements, ap as err, au as flatMap, ay as fromPromise, k as generateIdempotencyKey, av as getOrElse, ar as isErr, aq as isOk, at as mapError, as as mapResult, ao as ok, ax as toNullable, az as tryCatch, aw as unwrap } from './client-CIvQ1ZLZ.js';
+export { aa as AUTHORIZATION_TYPE, af as AUTH_MUTATION, $ as AbortablePromise, cc as AddressData, cE as AddressInfo, aP as AmountToPay, cn as AuthResponse, A as AuthService, m as AuthStatus, cG as AuthenticatedCustomer, cI as AuthenticatedData, c0 as AvailabilityCheck, c1 as AvailabilityResult, bF as AvailableSlot, bI as Booking, bH as BookingStatus, bJ as BookingWithDetails, b7 as BufferTimes, bm as Business, bA as BusinessHours, bl as BusinessPreferences, B as BusinessService, bz as BusinessSettings, bk as BusinessType, bx as BusinessWithLocations, a3 as CHECKOUT_MODE, ag as CHECKOUT_MUTATION, a6 as CHECKOUT_STEP, ac as CONTACT_TYPE, bQ as CancelBookingInput, bR as CancelBookingResult, b1 as CancelOrderInput, b9 as CancellationPolicy, i as CartOperations, b as CatalogueQueries, aC as CatalogueResult, aD as CatalogueSnapshot, bB as CategoryInfo, bN as CheckSlotAvailabilityInput, bO as CheckSlotAvailabilityResult, cq as CheckoutAddressInfo, cs as CheckoutCustomerInfo, N as CheckoutFormData, a$ as CheckoutInput, D as CheckoutMode, j as CheckoutOperations, H as CheckoutOrderType, J as CheckoutPaymentMethod, V as CheckoutResult, j as CheckoutService, Z as CheckoutStatus, _ as CheckoutStatusContext, K as CheckoutStep, C as CimplifyClient, a as CimplifyConfig, t as CimplifyElement, s as CimplifyElements, a2 as ContactType, c8 as CreateAddressInput, ca as CreateMobileMoneyInput, c3 as Customer, c4 as CustomerAddress, bL as CustomerBooking, bK as CustomerBookingServiceItem, c6 as CustomerLinkPreferences, c5 as CustomerMobileMoney, b6 as CustomerServicePreferences, ak as DEFAULT_COUNTRY, aj as DEFAULT_CURRENCY, ab as DEVICE_TYPE, bG as DayAvailability, bg as DepositResult, a1 as DeviceType, v as ELEMENT_TYPES, E as EVENT_TYPES, cD as ElementAppearance, cN as ElementEventHandler, z as ElementEventType, x as ElementOptions, y as ElementType, cJ as ElementsCheckoutData, cK as ElementsCheckoutResult, cH as ElementsCustomerInfo, w as ElementsOptions, ce as EnrollAndLinkOrderInput, ch as EnrollAndLinkOrderResult, cb as EnrollmentData, an as Err, aO as FeeBearerType, F as FetchQuoteInput, aM as FulfillmentLink, aL as FulfillmentStatus, aK as FulfillmentType, cu as FxQuote, ct as FxQuoteRequest, cv as FxRateResponse, q as FxService, bM as GetAvailableSlotsInput, l as GetOrdersOptions, G as GetProductsOptions, cM as IframeToParentMessage, I as InventoryService, c2 as InventorySummary, ae as LINK_MUTATION, ad as LINK_QUERY, aQ as LineItem, aH as LineType, c7 as LinkData, cg as LinkEnrollResult, L as LinkService, ci as LinkSession, cf as LinkStatusResult, r as LiteBootstrap, p as LiteService, bp as Location, bj as LocationAppointment, b$ as LocationStock, bn as LocationTaxBehavior, bo as LocationTaxOverrides, bs as LocationTimeProfile, by as LocationWithDetails, M as MESSAGE_TYPES, a9 as MOBILE_MONEY_PROVIDER, cd as MobileMoneyData, cr as MobileMoneyDetails, a0 as MobileMoneyProvider, ai as ORDER_MUTATION, a4 as ORDER_TYPE, cC as ObservabilityHooks, am as Ok, aR as Order, aG as OrderChannel, a_ as OrderFilter, aN as OrderFulfillmentSummary, aU as OrderGroup, aY as OrderGroupDetails, aV as OrderGroupPayment, aT as OrderGroupPaymentState, aX as OrderGroupPaymentSummary, aS as OrderHistory, aI as OrderLineState, aJ as OrderLineStatus, aZ as OrderPaymentEvent, O as OrderQueries, aW as OrderSplitDetail, aE as OrderStatus, n as OtpResult, a5 as PAYMENT_METHOD, ah as PAYMENT_MUTATION, a7 as PAYMENT_STATE, a8 as PICKUP_TIME_TYPE, cL as ParentToIframeMessage, cF as PaymentMethodInfo, aF as PaymentState, cp as PickupTime, co as PickupTimeType, P as PriceQuote, bb as PricingOverrides, Y as ProcessAndResolveOptions, W as ProcessCheckoutOptions, X as ProcessCheckoutResult, bZ as ProductStock, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, f as QuoteDynamicBuckets, e as QuoteStatus, g as QuoteUiMessage, R as RefreshQuoteInput, h as RefreshQuoteResult, b2 as RefundOrderInput, b5 as ReminderMethod, b8 as ReminderSettings, cw as RequestContext, cz as RequestErrorEvent, cl as RequestOtpInput, cx as RequestStartEvent, cy as RequestSuccessEvent, bP as RescheduleBookingInput, bS as RescheduleBookingResult, be as ResourceAssignment, al as Result, cA as RetryEvent, ck as RevokeAllSessionsResult, cj as RevokeSessionResult, bu as Room, bc as SchedulingMetadata, bf as SchedulingResult, o as SchedulingService, S as SearchOptions, bC as Service, bT as ServiceAvailabilityParams, bU as ServiceAvailabilityResult, bv as ServiceCharge, ba as ServiceNotes, bh as ServiceScheduleRequest, b3 as ServiceStatus, cB as SessionChangeEvent, bD as Staff, bd as StaffAssignment, b4 as StaffRole, bi as StaffScheduleItem, bX as Stock, bY as StockLevel, bV as StockOwnershipType, bW as StockStatus, bw as StorefrontBootstrap, bt as Table, T as TableInfo, bq as TimeRange, br as TimeRanges, bE as TimeSlot, c9 as UpdateAddressInput, b0 as UpdateOrderStatusInput, U as UpdateProfileInput, b_ as VariantStock, cm as VerifyOtpInput, aA as combine, aB as combineObject, c as createCimplifyClient, u as createElements, ap as err, au as flatMap, ay as fromPromise, k as generateIdempotencyKey, av as getOrElse, ar as isErr, aq as isOk, at as mapError, as as mapResult, ao as ok, ax as toNullable, az as tryCatch, aw as unwrap } from './client-Rr78TLMS.js';
 export { QueryBuilder, query } from './advanced.js';
 import { A as ApiError } from './payment-CLIWNMaP.js';
 export { B as AddOn, at as AddOnDetails, aP as AddOnGroupDetails, G as AddOnOption, aO as AddOnOptionDetails, H as AddOnOptionPrice, F as AddOnWithOptions, aU as AddToCartInput, ai as AdjustmentType, ap as AppliedDiscount, a_ as AuthorizationType, ao as BenefitType, T as Bundle, Y as BundleComponentData, _ as BundleComponentInfo, R as BundlePriceType, W as BundleProduct, ay as BundleSelectionData, aw as BundleSelectionInput, ax as BundleStoredSelection, U as BundleSummary, X as BundleWithDetails, aD as Cart, au as CartAddOn, ag as CartChannel, aE as CartItem, aR as CartItemDetails, af as CartStatus, aW as CartSummary, aF as CartTotals, K as Category, L as CategorySummary, an as ChosenPrice, h as CimplifyError, N as Collection, Q as CollectionProduct, O as CollectionSummary, a4 as ComponentGroup, a5 as ComponentGroupWithComponents, a9 as ComponentPriceBreakdown, a7 as ComponentSelectionInput, a1 as ComponentSourceType, a2 as Composite, a6 as CompositeComponent, aA as CompositePriceBreakdown, a8 as CompositePriceResult, $ as CompositePricingMode, aB as CompositeSelectionData, a7 as CompositeSelectionInput, az as CompositeStoredSelection, a3 as CompositeWithDetails, b as Currency, C as CurrencyCode, p as DepositType, D as DigitalProductType, aq as DiscountBreakdown, ar as DiscountDetails, aI as DisplayAddOn, aJ as DisplayAddOnOption, aG as DisplayCart, aH as DisplayCartItem, g as ERROR_HINTS, E as ErrorCode, e as ErrorCodeType, f as ErrorHint, a0 as GroupPricingBehavior, b2 as InitializePaymentResult, I as InventoryType, aC as LineConfiguration, ac as LocationProductPrice, M as Money, d as Pagination, P as PaginationParams, b1 as Payment, b5 as PaymentErrorDetails, b0 as PaymentMethod, aZ as PaymentMethodType, a$ as PaymentProcessingState, aY as PaymentProvider, b3 as PaymentResponse, aX as PaymentStatus, b4 as PaymentStatusResponse, ab as Price, aj as PriceAdjustment, am as PriceDecisionPath, aa as PriceEntryType, al as PricePathTaxInfo, ah as PriceSource, q as Product, J as ProductAddOn, ad as ProductAvailability, o as ProductRenderHint, ae as ProductTimeProfile, n as ProductType, s as ProductVariant, x as ProductVariantValue, r as ProductWithDetails, S as SalesChannel, as as SelectedAddOnOption, b6 as SubmitAuthorizationInput, ak as TaxPathComponent, aS as UICart, aK as UICartBusiness, aM as UICartCustomer, aL as UICartLocation, aN as UICartPricing, aT as UICartResponse, aV as UpdateCartItemInput, u as VariantAxis, z as VariantAxisSelection, w as VariantAxisValue, v as VariantAxisWithValues, av as VariantDetails, aQ as VariantDetailsDTO, t as VariantDisplayAttribute, y as VariantLocationAvailability, V as VariantStrategy, Z as ZERO, c as currencyCode, k as enrichError, j as getErrorHint, i as isCimplifyError, l as isRetryableError, m as money, a as moneyFromNumber } from './payment-CLIWNMaP.js';

package/dist/index.js

@@ -2634,6 +2634,12 @@ function toCheckoutError(code, message, recoverable) {
   };
 }
 var DEFAULT_LINK_URL = "https://link.cimplify.io";
+function generateNonce() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID().replace(/-/g, "").slice(0, 16);
+  }
+  return Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
+}
 function isAllowedOrigin(origin) {
   try {
     const url = new URL(origin);
@@ -3008,6 +3014,7 @@ var CimplifyElement = class {
     this.linkUrl = linkUrl;
     this.options = options;
     this.parent = parent;
+    this.nonce = generateNonce();
     this.boundHandleMessage = this.handleMessage.bind(this);
     if (typeof window !== "undefined") {
       window.addEventListener("message", this.boundHandleMessage);
@@ -3094,6 +3101,7 @@ var CimplifyElement = class {
     const iframe = document.createElement("iframe");
     const url = new URL(`${this.linkUrl}/elements/${this.type}`);
     url.searchParams.set("businessId", resolvedBusinessId);
+    url.searchParams.set("nonce", this.nonce);
     if (this.options.prefillEmail) url.searchParams.set("email", this.options.prefillEmail);
     if (this.options.mode) url.searchParams.set("mode", this.options.mode);
     iframe.src = url.toString();
@@ -3129,9 +3137,14 @@ var CimplifyElement = class {
     if (!isAllowedOrigin(event.origin)) {
       return;
     }
-    const iframeWindow = this.iframe?.contentWindow;
-    if (iframeWindow && event.source && event.source !== iframeWindow) {
-      return;
+    const data = event.data;
+    if (data?.nonce) {
+      if (data.nonce !== this.nonce) return;
+    } else {
+      const iframeWindow = this.iframe?.contentWindow;
+      if (iframeWindow && event.source && event.source !== iframeWindow) {
+        return;
+      }
     }
     const message = parseIframeMessage(event.data);
     if (!message) return;

package/dist/index.mjs

@@ -2632,6 +2632,12 @@ function toCheckoutError(code, message, recoverable) {
   };
 }
 var DEFAULT_LINK_URL = "https://link.cimplify.io";
+function generateNonce() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID().replace(/-/g, "").slice(0, 16);
+  }
+  return Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
+}
 function isAllowedOrigin(origin) {
   try {
     const url = new URL(origin);
@@ -3006,6 +3012,7 @@ var CimplifyElement = class {
     this.linkUrl = linkUrl;
     this.options = options;
     this.parent = parent;
+    this.nonce = generateNonce();
     this.boundHandleMessage = this.handleMessage.bind(this);
     if (typeof window !== "undefined") {
       window.addEventListener("message", this.boundHandleMessage);
@@ -3092,6 +3099,7 @@ var CimplifyElement = class {
     const iframe = document.createElement("iframe");
     const url = new URL(`${this.linkUrl}/elements/${this.type}`);
     url.searchParams.set("businessId", resolvedBusinessId);
+    url.searchParams.set("nonce", this.nonce);
     if (this.options.prefillEmail) url.searchParams.set("email", this.options.prefillEmail);
     if (this.options.mode) url.searchParams.set("mode", this.options.mode);
     iframe.src = url.toString();
@@ -3127,9 +3135,14 @@ var CimplifyElement = class {
     if (!isAllowedOrigin(event.origin)) {
       return;
     }
-    const iframeWindow = this.iframe?.contentWindow;
-    if (iframeWindow && event.source && event.source !== iframeWindow) {
-      return;
+    const data = event.data;
+    if (data?.nonce) {
+      if (data.nonce !== this.nonce) return;
+    } else {
+      const iframeWindow = this.iframe?.contentWindow;
+      if (iframeWindow && event.source && event.source !== iframeWindow) {
+        return;
+      }
     }
     const message = parseIframeMessage(event.data);
     if (!message) return;

package/dist/react.d.mts

@@ -1,4 +1,4 @@
-import { C as CimplifyClient, X as ProcessCheckoutResult, Z as CheckoutStatus, _ as CheckoutStatusContext, bp as Location, bm as Business, aR as Order, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, P as PriceQuote, g as QuoteUiMessage, s as CimplifyElements, w as ElementsOptions, cI as AuthenticatedData, cE as AddressInfo, cF as PaymentMethodInfo, cK as ElementsCheckoutResult, W as ProcessCheckoutOptions } from './client-DvoI0EIX.mjs';
+import { C as CimplifyClient, X as ProcessCheckoutResult, Z as CheckoutStatus, _ as CheckoutStatusContext, bp as Location, bm as Business, aR as Order, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, P as PriceQuote, g as QuoteUiMessage, s as CimplifyElements, w as ElementsOptions, cI as AuthenticatedData, cE as AddressInfo, cF as PaymentMethodInfo, cK as ElementsCheckoutResult, W as ProcessCheckoutOptions } from './client-DsmJAS8Q.mjs';
 import React, { ReactNode } from 'react';
 import { q as Product, d as Pagination, h as CimplifyError, r as ProductWithDetails, K as Category, aw as BundleSelectionInput, a7 as ComponentSelectionInput, N as Collection, X as BundleWithDetails, a3 as CompositeWithDetails, a8 as CompositePriceResult, C as CurrencyCode } from './payment-CLIWNMaP.mjs';
 import { A as AdSlot, a as AdPosition, e as AdContextValue } from './ads-t3FBTU8p.mjs';
@@ -55,6 +55,7 @@ interface CimplifyCheckoutProps {
     businessId?: string;
     cartId?: string;
     locationId?: string;
+    linkUrl?: string;
     orderTypes?: CheckoutOrderType[];
     enrollInLink?: boolean;
     onComplete: (result: ProcessCheckoutResult) => void;
@@ -74,7 +75,7 @@ interface CimplifyCheckoutProps {
     demoMode?: boolean;
     className?: string;
 }
-declare function CimplifyCheckout({ client, businessId, cartId, locationId, orderTypes, enrollInLink, onComplete, onError, onStatusChange, appearance, demoMode, className, }: CimplifyCheckoutProps): React.ReactElement;
+declare function CimplifyCheckout({ client, businessId, cartId, locationId, linkUrl, orderTypes, enrollInLink, onComplete, onError, onStatusChange, appearance, demoMode, className, }: CimplifyCheckoutProps): React.ReactElement;
 
 interface CimplifyContextValue {
     client: CimplifyClient;

package/dist/react.d.ts

@@ -1,4 +1,4 @@
-import { C as CimplifyClient, X as ProcessCheckoutResult, Z as CheckoutStatus, _ as CheckoutStatusContext, bp as Location, bm as Business, aR as Order, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, P as PriceQuote, g as QuoteUiMessage, s as CimplifyElements, w as ElementsOptions, cI as AuthenticatedData, cE as AddressInfo, cF as PaymentMethodInfo, cK as ElementsCheckoutResult, W as ProcessCheckoutOptions } from './client-CIvQ1ZLZ.js';
+import { C as CimplifyClient, X as ProcessCheckoutResult, Z as CheckoutStatus, _ as CheckoutStatusContext, bp as Location, bm as Business, aR as Order, d as QuoteBundleSelectionInput, Q as QuoteCompositeSelectionInput, P as PriceQuote, g as QuoteUiMessage, s as CimplifyElements, w as ElementsOptions, cI as AuthenticatedData, cE as AddressInfo, cF as PaymentMethodInfo, cK as ElementsCheckoutResult, W as ProcessCheckoutOptions } from './client-Rr78TLMS.js';
 import React, { ReactNode } from 'react';
 import { q as Product, d as Pagination, h as CimplifyError, r as ProductWithDetails, K as Category, aw as BundleSelectionInput, a7 as ComponentSelectionInput, N as Collection, X as BundleWithDetails, a3 as CompositeWithDetails, a8 as CompositePriceResult, C as CurrencyCode } from './payment-CLIWNMaP.js';
 import { A as AdSlot, a as AdPosition, e as AdContextValue } from './ads-t3FBTU8p.js';
@@ -55,6 +55,7 @@ interface CimplifyCheckoutProps {
     businessId?: string;
     cartId?: string;
     locationId?: string;
+    linkUrl?: string;
     orderTypes?: CheckoutOrderType[];
     enrollInLink?: boolean;
     onComplete: (result: ProcessCheckoutResult) => void;
@@ -74,7 +75,7 @@ interface CimplifyCheckoutProps {
     demoMode?: boolean;
     className?: string;
 }
-declare function CimplifyCheckout({ client, businessId, cartId, locationId, orderTypes, enrollInLink, onComplete, onError, onStatusChange, appearance, demoMode, className, }: CimplifyCheckoutProps): React.ReactElement;
+declare function CimplifyCheckout({ client, businessId, cartId, locationId, linkUrl, orderTypes, enrollInLink, onComplete, onError, onStatusChange, appearance, demoMode, className, }: CimplifyCheckoutProps): React.ReactElement;
 
 interface CimplifyContextValue {
     client: CimplifyClient;

package/dist/react.js

@@ -379,6 +379,7 @@ function CimplifyCheckout({
   businessId,
   cartId,
   locationId,
+  linkUrl,
   orderTypes,
   enrollInLink = true,
   onComplete,
@@ -411,6 +412,8 @@ function CimplifyCheckout({
   const demoRunRef = react.useRef(0);
   const isDemoCheckout = demoMode ?? client.getPublicKey().trim().length === 0;
   const isTestMode = client.isTestMode();
+  const primaryColor = appearance?.variables?.primaryColor || "#0a2540";
+  const isDark = appearance?.theme === "dark";
   const emitStatus = react.useCallback(
     (nextStatus, context = {}) => {
       setStatus(nextStatus);
@@ -517,7 +520,8 @@ function CimplifyCheckout({
       return;
     }
     const elements = client.elements(resolvedBusinessId, {
-      appearance: initialAppearanceRef.current
+      appearance: initialAppearanceRef.current,
+      linkUrl
     });
     elementsRef.current = elements;
     const auth = elements.create("auth");
@@ -652,44 +656,53 @@ function CimplifyCheckout({
       }
     ),
     /* @__PURE__ */ jsxRuntime.jsx("div", { "data-cimplify-section": "auth", children: /* @__PURE__ */ jsxRuntime.jsx("div", { ref: isDemoCheckout ? void 0 : authMountRef }) }),
-    /* @__PURE__ */ jsxRuntime.jsx("div", { "data-cimplify-section": "order-type", style: { marginTop: "12px" }, children: /* @__PURE__ */ jsxRuntime.jsx(
-      "div",
-      {
-        role: "group",
-        "aria-label": "Order type",
-        style: { display: "flex", gap: "8px", flexWrap: "wrap" },
-        children: resolvedOrderTypes.map((type) => /* @__PURE__ */ jsxRuntime.jsx(
-          "button",
-          {
-            type: "button",
-            onClick: () => setOrderType(type),
-            disabled: isSubmitting,
-            "data-selected": orderType === type ? "true" : "false",
-            style: {
-              padding: "8px 12px",
-              borderRadius: "8px",
-              border: "1px solid #d4d4d8",
-              background: orderType === type ? "#111827" : "#ffffff",
-              color: orderType === type ? "#ffffff" : "#111827",
-              cursor: isSubmitting ? "not-allowed" : "pointer",
-              opacity: isSubmitting ? 0.6 : 1
+    /* @__PURE__ */ jsxRuntime.jsxs("div", { "data-cimplify-section": "order-type", style: { marginTop: "20px" }, children: [
+      /* @__PURE__ */ jsxRuntime.jsx("p", { style: { fontSize: "13px", fontWeight: 500, color: isDark ? "#a1a1aa" : "#71717a", marginBottom: "8px" }, children: "Order type" }),
+      /* @__PURE__ */ jsxRuntime.jsx(
+        "div",
+        {
+          role: "group",
+          "aria-label": "Order type",
+          style: { display: "flex", gap: "8px", flexWrap: "wrap" },
+          children: resolvedOrderTypes.map((type) => /* @__PURE__ */ jsxRuntime.jsx(
+            "button",
+            {
+              type: "button",
+              onClick: () => setOrderType(type),
+              disabled: isSubmitting,
+              "data-selected": orderType === type ? "true" : "false",
+              style: {
+                padding: "8px 14px",
+                borderRadius: "8px",
+                border: orderType === type ? "1px solid transparent" : `1px solid ${isDark ? "#3f3f46" : "#d4d4d8"}`,
+                background: orderType === type ? primaryColor : "transparent",
+                color: orderType === type ? "#ffffff" : isDark ? "#e4e4e7" : "#3f3f46",
+                cursor: isSubmitting ? "not-allowed" : "pointer",
+                opacity: isSubmitting ? 0.6 : 1,
+                fontSize: "14px",
+                fontWeight: 500,
+                transition: "all 150ms ease"
+              },
+              children: labelForOrderType(type)
             },
-            children: labelForOrderType(type)
-          },
-          type
-        ))
-      }
-    ) }),
+            type
+          ))
+        }
+      )
+    ] }),
     /* @__PURE__ */ jsxRuntime.jsx(
       "div",
       {
         "data-cimplify-section": "address",
-        style: { marginTop: "12px", display: orderType === "delivery" ? "block" : "none" },
+        style: { marginTop: "16px", display: orderType === "delivery" ? "block" : "none" },
         children: /* @__PURE__ */ jsxRuntime.jsx("div", { ref: isDemoCheckout ? void 0 : addressMountRef })
       }
     ),
-    /* @__PURE__ */ jsxRuntime.jsx("div", { "data-cimplify-section": "payment", style: { marginTop: "12px" }, children: /* @__PURE__ */ jsxRuntime.jsx("div", { ref: isDemoCheckout ? void 0 : paymentMountRef }) }),
-    /* @__PURE__ */ jsxRuntime.jsx("div", { style: { marginTop: "12px" }, children: /* @__PURE__ */ jsxRuntime.jsx(
+    /* @__PURE__ */ jsxRuntime.jsxs("div", { "data-cimplify-section": "payment", style: { marginTop: "20px" }, children: [
+      /* @__PURE__ */ jsxRuntime.jsx("p", { style: { fontSize: "13px", fontWeight: 500, color: isDark ? "#a1a1aa" : "#71717a", marginBottom: "8px" }, children: "Payment method" }),
+      /* @__PURE__ */ jsxRuntime.jsx("div", { ref: isDemoCheckout ? void 0 : paymentMountRef })
+    ] }),
+    /* @__PURE__ */ jsxRuntime.jsx("div", { style: { marginTop: "24px" }, children: /* @__PURE__ */ jsxRuntime.jsx(
       "button",
       {
         type: "button",
@@ -697,12 +710,16 @@ function CimplifyCheckout({
         disabled: isSubmitting,
         style: {
           width: "100%",
-          padding: "10px 14px",
+          padding: "12px 16px",
           borderRadius: "8px",
           border: "none",
-          background: isSubmitting ? "#a1a1aa" : "#111827",
+          background: isSubmitting ? "#a1a1aa" : primaryColor,
           color: "#ffffff",
-          cursor: isSubmitting ? "not-allowed" : "pointer"
+          cursor: isSubmitting ? "not-allowed" : "pointer",
+          fontWeight: 600,
+          fontSize: "15px",
+          boxShadow: isSubmitting ? "none" : "0 1px 3px 0 rgba(0,0,0,0.1), 0 1px 2px -1px rgba(0,0,0,0.1)",
+          transition: "all 150ms ease"
         },
         children: isSubmitting ? "Processing..." : "Complete Order"
       }
@@ -2875,6 +2892,12 @@ function toCheckoutError(code, message, recoverable) {
   };
 }
 var DEFAULT_LINK_URL = "https://link.cimplify.io";
+function generateNonce() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID().replace(/-/g, "").slice(0, 16);
+  }
+  return Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
+}
 function isAllowedOrigin(origin) {
   try {
     const url = new URL(origin);
@@ -3249,6 +3272,7 @@ var CimplifyElement = class {
     this.linkUrl = linkUrl;
     this.options = options;
     this.parent = parent;
+    this.nonce = generateNonce();
     this.boundHandleMessage = this.handleMessage.bind(this);
     if (typeof window !== "undefined") {
       window.addEventListener("message", this.boundHandleMessage);
@@ -3335,6 +3359,7 @@ var CimplifyElement = class {
     const iframe = document.createElement("iframe");
     const url = new URL(`${this.linkUrl}/elements/${this.type}`);
     url.searchParams.set("businessId", resolvedBusinessId);
+    url.searchParams.set("nonce", this.nonce);
     if (this.options.prefillEmail) url.searchParams.set("email", this.options.prefillEmail);
     if (this.options.mode) url.searchParams.set("mode", this.options.mode);
     iframe.src = url.toString();
@@ -3370,9 +3395,14 @@ var CimplifyElement = class {
     if (!isAllowedOrigin(event.origin)) {
       return;
     }
-    const iframeWindow = this.iframe?.contentWindow;
-    if (iframeWindow && event.source && event.source !== iframeWindow) {
-      return;
+    const data = event.data;
+    if (data?.nonce) {
+      if (data.nonce !== this.nonce) return;
+    } else {
+      const iframeWindow = this.iframe?.contentWindow;
+      if (iframeWindow && event.source && event.source !== iframeWindow) {
+        return;
+      }
     }
     const message = parseIframeMessage(event.data);
     if (!message) return;

package/dist/react.mjs

@@ -377,6 +377,7 @@ function CimplifyCheckout({
   businessId,
   cartId,
   locationId,
+  linkUrl,
   orderTypes,
   enrollInLink = true,
   onComplete,
@@ -409,6 +410,8 @@ function CimplifyCheckout({
   const demoRunRef = useRef(0);
   const isDemoCheckout = demoMode ?? client.getPublicKey().trim().length === 0;
   const isTestMode = client.isTestMode();
+  const primaryColor = appearance?.variables?.primaryColor || "#0a2540";
+  const isDark = appearance?.theme === "dark";
   const emitStatus = useCallback(
     (nextStatus, context = {}) => {
       setStatus(nextStatus);
@@ -515,7 +518,8 @@ function CimplifyCheckout({
       return;
     }
     const elements = client.elements(resolvedBusinessId, {
-      appearance: initialAppearanceRef.current
+      appearance: initialAppearanceRef.current,
+      linkUrl
     });
     elementsRef.current = elements;
     const auth = elements.create("auth");
@@ -650,44 +654,53 @@ function CimplifyCheckout({
       }
     ),
     /* @__PURE__ */ jsx("div", { "data-cimplify-section": "auth", children: /* @__PURE__ */ jsx("div", { ref: isDemoCheckout ? void 0 : authMountRef }) }),
-    /* @__PURE__ */ jsx("div", { "data-cimplify-section": "order-type", style: { marginTop: "12px" }, children: /* @__PURE__ */ jsx(
-      "div",
-      {
-        role: "group",
-        "aria-label": "Order type",
-        style: { display: "flex", gap: "8px", flexWrap: "wrap" },
-        children: resolvedOrderTypes.map((type) => /* @__PURE__ */ jsx(
-          "button",
-          {
-            type: "button",
-            onClick: () => setOrderType(type),
-            disabled: isSubmitting,
-            "data-selected": orderType === type ? "true" : "false",
-            style: {
-              padding: "8px 12px",
-              borderRadius: "8px",
-              border: "1px solid #d4d4d8",
-              background: orderType === type ? "#111827" : "#ffffff",
-              color: orderType === type ? "#ffffff" : "#111827",
-              cursor: isSubmitting ? "not-allowed" : "pointer",
-              opacity: isSubmitting ? 0.6 : 1
+    /* @__PURE__ */ jsxs("div", { "data-cimplify-section": "order-type", style: { marginTop: "20px" }, children: [
+      /* @__PURE__ */ jsx("p", { style: { fontSize: "13px", fontWeight: 500, color: isDark ? "#a1a1aa" : "#71717a", marginBottom: "8px" }, children: "Order type" }),
+      /* @__PURE__ */ jsx(
+        "div",
+        {
+          role: "group",
+          "aria-label": "Order type",
+          style: { display: "flex", gap: "8px", flexWrap: "wrap" },
+          children: resolvedOrderTypes.map((type) => /* @__PURE__ */ jsx(
+            "button",
+            {
+              type: "button",
+              onClick: () => setOrderType(type),
+              disabled: isSubmitting,
+              "data-selected": orderType === type ? "true" : "false",
+              style: {
+                padding: "8px 14px",
+                borderRadius: "8px",
+                border: orderType === type ? "1px solid transparent" : `1px solid ${isDark ? "#3f3f46" : "#d4d4d8"}`,
+                background: orderType === type ? primaryColor : "transparent",
+                color: orderType === type ? "#ffffff" : isDark ? "#e4e4e7" : "#3f3f46",
+                cursor: isSubmitting ? "not-allowed" : "pointer",
+                opacity: isSubmitting ? 0.6 : 1,
+                fontSize: "14px",
+                fontWeight: 500,
+                transition: "all 150ms ease"
+              },
+              children: labelForOrderType(type)
             },
-            children: labelForOrderType(type)
-          },
-          type
-        ))
-      }
-    ) }),
+            type
+          ))
+        }
+      )
+    ] }),
     /* @__PURE__ */ jsx(
       "div",
       {
         "data-cimplify-section": "address",
-        style: { marginTop: "12px", display: orderType === "delivery" ? "block" : "none" },
+        style: { marginTop: "16px", display: orderType === "delivery" ? "block" : "none" },
         children: /* @__PURE__ */ jsx("div", { ref: isDemoCheckout ? void 0 : addressMountRef })
       }
     ),
-    /* @__PURE__ */ jsx("div", { "data-cimplify-section": "payment", style: { marginTop: "12px" }, children: /* @__PURE__ */ jsx("div", { ref: isDemoCheckout ? void 0 : paymentMountRef }) }),
-    /* @__PURE__ */ jsx("div", { style: { marginTop: "12px" }, children: /* @__PURE__ */ jsx(
+    /* @__PURE__ */ jsxs("div", { "data-cimplify-section": "payment", style: { marginTop: "20px" }, children: [
+      /* @__PURE__ */ jsx("p", { style: { fontSize: "13px", fontWeight: 500, color: isDark ? "#a1a1aa" : "#71717a", marginBottom: "8px" }, children: "Payment method" }),
+      /* @__PURE__ */ jsx("div", { ref: isDemoCheckout ? void 0 : paymentMountRef })
+    ] }),
+    /* @__PURE__ */ jsx("div", { style: { marginTop: "24px" }, children: /* @__PURE__ */ jsx(
       "button",
       {
         type: "button",
@@ -695,12 +708,16 @@ function CimplifyCheckout({
         disabled: isSubmitting,
         style: {
           width: "100%",
-          padding: "10px 14px",
+          padding: "12px 16px",
           borderRadius: "8px",
           border: "none",
-          background: isSubmitting ? "#a1a1aa" : "#111827",
+          background: isSubmitting ? "#a1a1aa" : primaryColor,
           color: "#ffffff",
-          cursor: isSubmitting ? "not-allowed" : "pointer"
+          cursor: isSubmitting ? "not-allowed" : "pointer",
+          fontWeight: 600,
+          fontSize: "15px",
+          boxShadow: isSubmitting ? "none" : "0 1px 3px 0 rgba(0,0,0,0.1), 0 1px 2px -1px rgba(0,0,0,0.1)",
+          transition: "all 150ms ease"
         },
         children: isSubmitting ? "Processing..." : "Complete Order"
       }
@@ -2873,6 +2890,12 @@ function toCheckoutError(code, message, recoverable) {
   };
 }
 var DEFAULT_LINK_URL = "https://link.cimplify.io";
+function generateNonce() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID().replace(/-/g, "").slice(0, 16);
+  }
+  return Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
+}
 function isAllowedOrigin(origin) {
   try {
     const url = new URL(origin);
@@ -3247,6 +3270,7 @@ var CimplifyElement = class {
     this.linkUrl = linkUrl;
     this.options = options;
     this.parent = parent;
+    this.nonce = generateNonce();
     this.boundHandleMessage = this.handleMessage.bind(this);
     if (typeof window !== "undefined") {
       window.addEventListener("message", this.boundHandleMessage);
@@ -3333,6 +3357,7 @@ var CimplifyElement = class {
     const iframe = document.createElement("iframe");
     const url = new URL(`${this.linkUrl}/elements/${this.type}`);
     url.searchParams.set("businessId", resolvedBusinessId);
+    url.searchParams.set("nonce", this.nonce);
     if (this.options.prefillEmail) url.searchParams.set("email", this.options.prefillEmail);
     if (this.options.mode) url.searchParams.set("mode", this.options.mode);
     iframe.src = url.toString();
@@ -3368,9 +3393,14 @@ var CimplifyElement = class {
     if (!isAllowedOrigin(event.origin)) {
       return;
     }
-    const iframeWindow = this.iframe?.contentWindow;
-    if (iframeWindow && event.source && event.source !== iframeWindow) {
-      return;
+    const data = event.data;
+    if (data?.nonce) {
+      if (data.nonce !== this.nonce) return;
+    } else {
+      const iframeWindow = this.iframe?.contentWindow;
+      if (iframeWindow && event.source && event.source !== iframeWindow) {
+        return;
+      }
     }
     const message = parseIframeMessage(event.data);
     if (!message) return;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cimplify/sdk",
-  "version": "0.7.5",
+  "version": "0.7.7",
   "description": "Cimplify Commerce SDK for storefronts",
   "keywords": [
     "cimplify",