@clerk/shared 4.0.0-snapshot.v20251217194100 → 4.0.0-snapshot.v20251218165926

package/dist/runtime/{url-Cf4YiXkp.mjs.map → url-BKWznjF0.mjs.map}

@@ -1 +1 @@
-{"version":3,"file":"url-Cf4YiXkp.mjs","names":["frontendApiRedirectPathsWithUserInput: string[]","frontendApiRedirectPathsNoUserInput: string[]","origins: string[]"],"sources":["../../src/internal/clerk-js/url.ts"],"sourcesContent":["import { globs } from '../../globs';\nimport { createDevOrStagingUrlCache } from '../../keys';\nimport { logger } from '../../logger';\nimport type { SignUpResource } from '../../types';\nimport { camelToSnake } from '../../underscore';\nimport { isCurrentDevAccountPortalOrigin, isLegacyDevAccountPortalOrigin } from '../../url';\nimport { joinPaths } from './path';\nimport { getQueryParams } from './querystring';\n\ndeclare global {\n  export interface Window {\n    tldts: {\n      getDomain(hostname: string, { allowPrivateDomains }: { allowPrivateDomains: boolean }): string;\n    };\n  }\n}\n\n// This is used as a dummy base when we need to invoke \"new URL()\" but we don't care about the URL origin.\nconst DUMMY_URL_BASE = 'http://clerk-dummy';\n\nconst BANNED_URI_PROTOCOLS = ['javascript:'] as const;\n\n// Protocols that are dangerous specifically for href attributes in links\nconst BANNED_HREF_PROTOCOLS = ['javascript:', 'data:', 'vbscript:', 'blob:'] as const;\n\nconst { isDevOrStagingUrl } = createDevOrStagingUrlCache();\nexport { isDevOrStagingUrl };\nconst accountPortalCache = new Map<string, boolean>();\n\nexport function isDevAccountPortalOrigin(hostname: string = window.location.hostname): boolean {\n  if (!hostname) {\n    return false;\n  }\n\n  let res = accountPortalCache.get(hostname);\n\n  if (res === undefined) {\n    res = isLegacyDevAccountPortalOrigin(hostname) || isCurrentDevAccountPortalOrigin(hostname);\n    accountPortalCache.set(hostname, res);\n  }\n\n  return res;\n}\n\nexport function getETLDPlusOneFromFrontendApi(frontendApi: string): string {\n  return frontendApi.replace('clerk.', '');\n}\n\ninterface BuildURLParams extends Partial<URL> {\n  base?: string;\n  hashPath?: string;\n  hashSearch?: string;\n  hashSearchParams?: URLSearchParams | Record<string, string> | Array<URLSearchParams | Record<string, string>>;\n}\n\ninterface BuildURLOptions<T> {\n  skipOrigin?: boolean;\n  stringify?: T;\n}\n\n/**\n *\n * buildURL(params: URLParams, options: BuildURLOptions): string\n *\n * Builds a URL safely by using the native URL() constructor. It can\n * also build a secondary path and search URL that lives inside the hash\n * of the main URL. For example:\n *\n * https://foo.com/bar?qux=42#/hash-bar?hash-qux=42\n *\n * References:\n * https://developer.mozilla.org/en-US/docs/Web/API/URL\n *\n * @param params\n * @param options\n * @returns Returns the URL href\n */\nexport function buildURL<B extends boolean>(\n  params: BuildURLParams,\n  options?: BuildURLOptions<B>,\n): B extends true ? string : URL;\n\nexport function buildURL(params: BuildURLParams, options: BuildURLOptions<boolean> = {}): URL | string {\n  const { base, hashPath, hashSearch, searchParams, hashSearchParams, ...rest } = params;\n\n  let fallbackBase = '';\n  // This check is necessary for React native environments where window is undefined.\n  // TODO: Refactor all window and document usages in clerk-js and import them from\n  // a single file that will be mocked easily in React native environments.\n  if (typeof window !== 'undefined' && !!window.location) {\n    fallbackBase = window.location.href;\n  } else {\n    fallbackBase = 'http://react-native-fake-base-url';\n  }\n\n  const url = new URL(base || '', fallbackBase);\n\n  // Properly copy URLSearchParams\n  if (searchParams instanceof URLSearchParams) {\n    searchParams.forEach((value, key) => {\n      if (value !== null && value !== undefined) {\n        url.searchParams.set(camelToSnake(key), value);\n      }\n    });\n  }\n\n  Object.assign(url, rest);\n\n  // Treat that hash part of the main URL as if it's another URL with a pathname and a search.\n  // Another nested hash inside the top level hash (e.g. #my-hash#my-second-hash) is currently\n  // not supported as there is no use case for it yet.\n  if (hashPath || hashSearch || hashSearchParams) {\n    // Parse the hash to a URL object\n    const dummyUrlForHash = new URL(DUMMY_URL_BASE + url.hash.substring(1));\n\n    // Join the current hash path and with the provided one\n    dummyUrlForHash.pathname = joinPaths(dummyUrlForHash.pathname, hashPath || '');\n\n    // Merge search params from hashSearch string\n    const searchParamsFromHashSearchString = getQueryParams(hashSearch || '');\n    for (const [key, val] of Object.entries(searchParamsFromHashSearchString)) {\n      dummyUrlForHash.searchParams.append(key, val);\n    }\n\n    // Merge search params from the hashSearchParams object\n    if (hashSearchParams) {\n      const paramsArr = Array.isArray(hashSearchParams) ? hashSearchParams : [hashSearchParams];\n      for (const _params of paramsArr) {\n        if (!(_params instanceof URLSearchParams) && typeof _params !== 'object') {\n          continue;\n        }\n        const params = new URLSearchParams(_params);\n        params.forEach((value, key) => {\n          if (value !== null && value !== undefined) {\n            dummyUrlForHash.searchParams.set(camelToSnake(key), value);\n          }\n        });\n      }\n    }\n\n    // Keep just the pathname and the  search\n    const newHash = dummyUrlForHash.href.replace(DUMMY_URL_BASE, '');\n\n    // if the hash is `/`, it means that nothing new was added to the hash\n    // so we can skip assigning it to the hash of the main url\n    if (newHash !== '/') {\n      // Assign them to the hash of the main url\n      url.hash = newHash;\n    }\n  }\n\n  const { stringify, skipOrigin } = options;\n  if (stringify) {\n    return skipOrigin ? url.href.replace(url.origin, '') : url.href;\n  }\n  return url;\n}\n\nexport function toURL(url: string | URL): URL {\n  return new URL(url.toString(), window.location.origin);\n}\n\n/**\n *\n * stripOrigin(url: URL | string): string\n *\n * Strips the origin part of a URL and preserves path, search and hash is applicable\n *\n * References:\n * https://developer.mozilla.org/en-US/docs/Web/API/URL\n *\n * @param url\n * @returns Returns the URL href without the origin\n */\nexport function stripOrigin(url: URL | string): string {\n  // In non-browser environments `window.location.origin` might not be available\n  // if not polyfilled, so we can't construct a URL object with the `url` string\n  // note: in that case, we can't easily strip the origin, so we return the original string\n  if (typeof window.location === 'undefined' && typeof url === 'string') {\n    return url;\n  }\n\n  url = toURL(url);\n  return url.href.replace(url.origin, '');\n}\n\n/**\n * trimTrailingSlash(path: string): string\n *\n * Strips the trailing slashes from a string\n *\n * @returns Returns the string without trailing slashes\n *\n * @param path\n */\nexport const trimTrailingSlash = (path: string): string => {\n  return (path || '').replace(/\\/+$/, '');\n};\n\n/**\n * trimLeadingSlash(path: string): string\n *\n * Strips the leading slashes from a string\n *\n * @returns Returns the string without leading slashes\n *\n * @param path\n */\nexport const trimLeadingSlash = (path: string): string => {\n  return (path || '').replace(/^\\/+/, '');\n};\n\nexport const hasExternalAccountSignUpError = (signUp: SignUpResource): boolean => {\n  const { externalAccount } = signUp.verifications;\n  return !!externalAccount.error;\n};\n\nexport function getSearchParameterFromHash({\n  hash = window.location.hash,\n  paramName,\n}: {\n  hash?: string;\n  paramName: string;\n}) {\n  const h = hash.startsWith('#') ? hash.substring(1) : hash;\n  const dummyUrlForHash = new URL(h, DUMMY_URL_BASE);\n  return dummyUrlForHash.searchParams.get(paramName);\n}\n\nexport function isValidUrl(val: string | URL | undefined | null): boolean {\n  if (!val) {\n    return false;\n  }\n\n  try {\n    new URL(val as string);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\nexport function relativeToAbsoluteUrl(url: string, origin: string | URL): URL {\n  try {\n    return new URL(url);\n  } catch {\n    return new URL(url, origin);\n  }\n}\n\n// Regular expression to detect disallowed patterns\nconst disallowedPatterns = [\n  /\\0/, // Null bytes\n  /^\\/\\//, // Protocol-relative\n  // eslint-disable-next-line no-control-regex\n  /[\\x00-\\x1F]/, // Control characters\n];\n\n/**\n * Check for potentially problematic URLs that could have been crafted to intentionally bypass the origin check. Note that the URLs passed to this\n * function are assumed to be from an \"allowed origin\", so we are not executing origin-specific checks here.\n */\nexport function isProblematicUrl(url: URL): boolean {\n  if (hasBannedProtocol(url)) {\n    return true;\n  }\n  // Check against disallowed patterns\n  for (const pattern of disallowedPatterns) {\n    if (pattern.test(url.pathname)) {\n      return true;\n    }\n  }\n\n  return false;\n}\n\nexport function isDataUri(val?: string): val is string {\n  if (!val || !isValidUrl(val)) {\n    return false;\n  }\n\n  return new URL(val).protocol === 'data:';\n}\n\n/**\n * Checks if a URL uses javascript: protocol.\n * This prevents some XSS attacks through javascript: URLs.\n *\n * IMPORTANT: This does not check for `data:` or other protocols which\n * are dangerous if used for links or setting the window location.\n *\n * @param val - The URL to check\n * @returns True if the URL contains a banned protocol, false otherwise\n */\nexport function hasBannedProtocol(val: string | URL) {\n  if (!isValidUrl(val)) {\n    return false;\n  }\n  const protocol = new URL(val).protocol;\n  return BANNED_URI_PROTOCOLS.some(bp => bp === protocol);\n}\n\n/**\n * Checks if a URL contains a banned protocol for href attributes in links.\n * This prevents some XSS attacks through javascript:, data:, vbscript:, and blob: URLs.\n *\n * @param val - The URL to check\n * @returns True if the URL contains a banned protocol, false otherwise\n */\nexport function hasBannedHrefProtocol(val: string | URL): boolean {\n  if (!isValidUrl(val)) {\n    return false;\n  }\n  const protocol = new URL(val).protocol;\n  return BANNED_HREF_PROTOCOLS.some(bp => bp === protocol);\n}\n\n/**\n * Sanitizes an href value by checking for dangerous protocols.\n * Returns null if the href contains a dangerous protocol, otherwise returns the original href.\n * This prevents some XSS attacks through javascript:, data:, vbscript:, and blob: URLs.\n *\n * @param href - The href value to sanitize\n * @returns The sanitized href or null if dangerous\n */\nexport function sanitizeHref(href: string | undefined | null): string | null {\n  if (!href || href.trim() === '') {\n    return null;\n  }\n\n  // For relative URLs (starting with / or # or ?), allow them through\n  if (href.startsWith('/') || href.startsWith('#') || href.startsWith('?')) {\n    return href;\n  }\n\n  // For relative URLs without leading slash, allow them through\n  if (!href.includes(':')) {\n    return href;\n  }\n\n  // Check if it's a valid URL with a dangerous protocol\n  try {\n    const url = new URL(href);\n    if (hasBannedHrefProtocol(url)) {\n      return null;\n    }\n    return href;\n  } catch {\n    // If URL parsing fails, it's likely a relative URL or malformed\n    // Allow relative URLs through, but be cautious with malformed ones\n    return href;\n  }\n}\n\nexport const hasUrlInFragment = (_url: URL | string) => {\n  return new URL(_url, DUMMY_URL_BASE).hash.startsWith('#/');\n};\n\n/**\n * Creates a new URL by merging a fragment-based URL, if found.\n * The result URL has the original and the fragment pathnames appended\n * and also includes all search params from both places.\n *\n * @example\n * ```ts\n * mergeFragmentIntoUrl('https://accounts.clerk.com/sign-in?user_param=hello#/verify/factor-one?redirect_url=/protected')\n * // Returns: 'https://accounts.clerk.com/sign-in/verify/factor-one?user_param=hello&redirect_url=/protected'\n * ```\n */\nexport const mergeFragmentIntoUrl = (_url: string | URL): URL => {\n  const url = new URL(_url);\n\n  if (!hasUrlInFragment(url)) {\n    return url;\n  }\n\n  const fragmentUrl = new URL(url.hash.replace('#/', '/'), url.href);\n  const mergedPathname = [url.pathname, fragmentUrl.pathname]\n    .map(s => s.split('/'))\n    .flat()\n    .filter(Boolean)\n    .join('/');\n\n  const mergedUrl = new URL(mergedPathname, url.origin);\n\n  url.searchParams.forEach((val, key) => {\n    mergedUrl.searchParams.set(key, val);\n  });\n\n  fragmentUrl.searchParams.forEach((val, key) => {\n    mergedUrl.searchParams.set(key, val);\n  });\n\n  return mergedUrl;\n};\n\nexport const pathFromFullPath = (fullPath: string) => {\n  return fullPath.replace(/CLERK-ROUTER\\/(.*?)\\//, '');\n};\n\nconst frontendApiRedirectPathsWithUserInput: string[] = [\n  '/oauth/authorize', // OAuth2 identify provider flow\n];\n\nconst frontendApiRedirectPathsNoUserInput: string[] = [\n  '/v1/verify', // magic links\n  '/v1/tickets/accept', // ticket flow\n  '/oauth/authorize-with-immediate-redirect', // OAuth 2 identity provider\n  '/oauth/end_session', // OIDC logout\n];\n\nexport function isRedirectForFAPIInitiatedFlow(frontendApi: string, redirectUrl: string): boolean {\n  const url = new URL(redirectUrl, DUMMY_URL_BASE);\n  const path = url.pathname;\n\n  const isValidFrontendRedirectPath =\n    frontendApiRedirectPathsWithUserInput.includes(path) || frontendApiRedirectPathsNoUserInput.includes(path);\n  return frontendApi === url.host && isValidFrontendRedirectPath;\n}\n\nexport function requiresUserInput(redirectUrl: string): boolean {\n  const url = new URL(redirectUrl, DUMMY_URL_BASE);\n  return frontendApiRedirectPathsWithUserInput.includes(url.pathname);\n}\n\nexport const isAllowedRedirect =\n  (allowedRedirectOrigins: Array<string | RegExp> | undefined, currentOrigin: string) => (_url: URL | string) => {\n    let url = _url;\n    if (typeof url === 'string') {\n      url = relativeToAbsoluteUrl(url, currentOrigin);\n    }\n\n    if (!allowedRedirectOrigins) {\n      return true;\n    }\n\n    const isSameOrigin = currentOrigin === url.origin;\n\n    const isAllowed =\n      !isProblematicUrl(url) &&\n      (isSameOrigin ||\n        allowedRedirectOrigins\n          .map(origin => (typeof origin === 'string' ? globs.toRegexp(trimTrailingSlash(origin)) : origin))\n          .some(origin => origin.test(trimTrailingSlash(url.origin))));\n\n    if (!isAllowed) {\n      logger.warnOnce(\n        `Clerk: Redirect URL ${url} is not on one of the allowedRedirectOrigins, falling back to the default redirect URL.`,\n      );\n    }\n    return isAllowed;\n  };\n\nexport function createAllowedRedirectOrigins(\n  allowedRedirectOrigins: Array<string | RegExp> | undefined,\n  frontendApi: string,\n  instanceType?: string,\n): (string | RegExp)[] | undefined {\n  if (Array.isArray(allowedRedirectOrigins) && !!allowedRedirectOrigins.length) {\n    return allowedRedirectOrigins;\n  }\n\n  const origins: string[] = [];\n  if (typeof window !== 'undefined' && !!window.location) {\n    origins.push(window.location.origin);\n  }\n\n  origins.push(`https://${getETLDPlusOneFromFrontendApi(frontendApi)}`);\n  origins.push(`https://*.${getETLDPlusOneFromFrontendApi(frontendApi)}`);\n\n  if (instanceType === 'development') {\n    origins.push(`https://${frontendApi}`);\n  }\n\n  return origins;\n}\n"],"mappings":";;;;;;;;;AAkBA,MAAM,iBAAiB;AAEvB,MAAM,uBAAuB,CAAC,cAAc;AAG5C,MAAM,wBAAwB;CAAC;CAAe;CAAS;CAAa;CAAQ;AAE5E,MAAM,EAAE,sBAAsB,4BAA4B;AAE1D,MAAM,qCAAqB,IAAI,KAAsB;AAErD,SAAgB,yBAAyB,WAAmB,OAAO,SAAS,UAAmB;AAC7F,KAAI,CAAC,SACH,QAAO;CAGT,IAAI,MAAM,mBAAmB,IAAI,SAAS;AAE1C,KAAI,QAAQ,QAAW;AACrB,QAAM,+BAA+B,SAAS,IAAI,gCAAgC,SAAS;AAC3F,qBAAmB,IAAI,UAAU,IAAI;;AAGvC,QAAO;;AAGT,SAAgB,8BAA8B,aAA6B;AACzE,QAAO,YAAY,QAAQ,UAAU,GAAG;;AAqC1C,SAAgB,SAAS,QAAwB,UAAoC,EAAE,EAAgB;CACrG,MAAM,EAAE,MAAM,UAAU,YAAY,cAAc,iBAAkB,GAAG,SAAS;CAEhF,IAAI,eAAe;AAInB,KAAI,OAAO,WAAW,eAAe,CAAC,CAAC,OAAO,SAC5C,gBAAe,OAAO,SAAS;KAE/B,gBAAe;CAGjB,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI,aAAa;AAG7C,KAAI,wBAAwB,gBAC1B,cAAa,SAAS,OAAO,QAAQ;AACnC,MAAI,UAAU,QAAQ,UAAU,OAC9B,KAAI,aAAa,IAAI,aAAa,IAAI,EAAE,MAAM;GAEhD;AAGJ,QAAO,OAAO,KAAK,KAAK;AAKxB,KAAI,YAAY,cAAc,kBAAkB;EAE9C,MAAM,kBAAkB,IAAI,IAAI,iBAAiB,IAAI,KAAK,UAAU,EAAE,CAAC;AAGvE,kBAAgB,WAAW,UAAU,gBAAgB,UAAU,YAAY,GAAG;EAG9E,MAAM,mCAAmC,eAAe,cAAc,GAAG;AACzE,OAAK,MAAM,CAAC,KAAK,QAAQ,OAAO,QAAQ,iCAAiC,CACvE,iBAAgB,aAAa,OAAO,KAAK,IAAI;AAI/C,MAAI,kBAAkB;GACpB,MAAM,YAAY,MAAM,QAAQ,iBAAiB,GAAG,mBAAmB,CAAC,iBAAiB;AACzF,QAAK,MAAM,WAAW,WAAW;AAC/B,QAAI,EAAE,mBAAmB,oBAAoB,OAAO,YAAY,SAC9D;AAGF,IADe,IAAI,gBAAgB,QAAQ,CACpC,SAAS,OAAO,QAAQ;AAC7B,SAAI,UAAU,QAAQ,UAAU,OAC9B,iBAAgB,aAAa,IAAI,aAAa,IAAI,EAAE,MAAM;MAE5D;;;EAKN,MAAM,UAAU,gBAAgB,KAAK,QAAQ,gBAAgB,GAAG;AAIhE,MAAI,YAAY,IAEd,KAAI,OAAO;;CAIf,MAAM,EAAE,WAAW,eAAe;AAClC,KAAI,UACF,QAAO,aAAa,IAAI,KAAK,QAAQ,IAAI,QAAQ,GAAG,GAAG,IAAI;AAE7D,QAAO;;AAGT,SAAgB,MAAM,KAAwB;AAC5C,QAAO,IAAI,IAAI,IAAI,UAAU,EAAE,OAAO,SAAS,OAAO;;;;;;;;;;;;;;AAexD,SAAgB,YAAY,KAA2B;AAIrD,KAAI,OAAO,OAAO,aAAa,eAAe,OAAO,QAAQ,SAC3D,QAAO;AAGT,OAAM,MAAM,IAAI;AAChB,QAAO,IAAI,KAAK,QAAQ,IAAI,QAAQ,GAAG;;;;;;;;;;;AAYzC,MAAa,qBAAqB,SAAyB;AACzD,SAAQ,QAAQ,IAAI,QAAQ,QAAQ,GAAG;;;;;;;;;;;AAYzC,MAAa,oBAAoB,SAAyB;AACxD,SAAQ,QAAQ,IAAI,QAAQ,QAAQ,GAAG;;AAGzC,MAAa,iCAAiC,WAAoC;CAChF,MAAM,EAAE,oBAAoB,OAAO;AACnC,QAAO,CAAC,CAAC,gBAAgB;;AAG3B,SAAgB,2BAA2B,EACzC,OAAO,OAAO,SAAS,MACvB,aAIC;CACD,MAAM,IAAI,KAAK,WAAW,IAAI,GAAG,KAAK,UAAU,EAAE,GAAG;AAErD,QADwB,IAAI,IAAI,GAAG,eAAe,CAC3B,aAAa,IAAI,UAAU;;AAGpD,SAAgB,WAAW,KAA+C;AACxE,KAAI,CAAC,IACH,QAAO;AAGT,KAAI;AACF,MAAI,IAAI,IAAc;AACtB,SAAO;SACD;AACN,SAAO;;;AAIX,SAAgB,sBAAsB,KAAa,QAA2B;AAC5E,KAAI;AACF,SAAO,IAAI,IAAI,IAAI;SACb;AACN,SAAO,IAAI,IAAI,KAAK,OAAO;;;AAK/B,MAAM,qBAAqB;CACzB;CACA;CAEA;CACD;;;;;AAMD,SAAgB,iBAAiB,KAAmB;AAClD,KAAI,kBAAkB,IAAI,CACxB,QAAO;AAGT,MAAK,MAAM,WAAW,mBACpB,KAAI,QAAQ,KAAK,IAAI,SAAS,CAC5B,QAAO;AAIX,QAAO;;AAGT,SAAgB,UAAU,KAA6B;AACrD,KAAI,CAAC,OAAO,CAAC,WAAW,IAAI,CAC1B,QAAO;AAGT,QAAO,IAAI,IAAI,IAAI,CAAC,aAAa;;;;;;;;;;;;AAanC,SAAgB,kBAAkB,KAAmB;AACnD,KAAI,CAAC,WAAW,IAAI,CAClB,QAAO;CAET,MAAM,WAAW,IAAI,IAAI,IAAI,CAAC;AAC9B,QAAO,qBAAqB,MAAK,OAAM,OAAO,SAAS;;;;;;;;;AAUzD,SAAgB,sBAAsB,KAA4B;AAChE,KAAI,CAAC,WAAW,IAAI,CAClB,QAAO;CAET,MAAM,WAAW,IAAI,IAAI,IAAI,CAAC;AAC9B,QAAO,sBAAsB,MAAK,OAAM,OAAO,SAAS;;;;;;;;;;AAW1D,SAAgB,aAAa,MAAgD;AAC3E,KAAI,CAAC,QAAQ,KAAK,MAAM,KAAK,GAC3B,QAAO;AAIT,KAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,CACtE,QAAO;AAIT,KAAI,CAAC,KAAK,SAAS,IAAI,CACrB,QAAO;AAIT,KAAI;AAEF,MAAI,sBADQ,IAAI,IAAI,KAAK,CACK,CAC5B,QAAO;AAET,SAAO;SACD;AAGN,SAAO;;;AAIX,MAAa,oBAAoB,SAAuB;AACtD,QAAO,IAAI,IAAI,MAAM,eAAe,CAAC,KAAK,WAAW,KAAK;;;;;;;;;;;;;AAc5D,MAAa,wBAAwB,SAA4B;CAC/D,MAAM,MAAM,IAAI,IAAI,KAAK;AAEzB,KAAI,CAAC,iBAAiB,IAAI,CACxB,QAAO;CAGT,MAAM,cAAc,IAAI,IAAI,IAAI,KAAK,QAAQ,MAAM,IAAI,EAAE,IAAI,KAAK;CAClE,MAAM,iBAAiB,CAAC,IAAI,UAAU,YAAY,SAAS,CACxD,KAAI,MAAK,EAAE,MAAM,IAAI,CAAC,CACtB,MAAM,CACN,OAAO,QAAQ,CACf,KAAK,IAAI;CAEZ,MAAM,YAAY,IAAI,IAAI,gBAAgB,IAAI,OAAO;AAErD,KAAI,aAAa,SAAS,KAAK,QAAQ;AACrC,YAAU,aAAa,IAAI,KAAK,IAAI;GACpC;AAEF,aAAY,aAAa,SAAS,KAAK,QAAQ;AAC7C,YAAU,aAAa,IAAI,KAAK,IAAI;GACpC;AAEF,QAAO;;AAGT,MAAa,oBAAoB,aAAqB;AACpD,QAAO,SAAS,QAAQ,yBAAyB,GAAG;;AAGtD,MAAMA,wCAAkD,CACtD,mBACD;AAED,MAAMC,sCAAgD;CACpD;CACA;CACA;CACA;CACD;AAED,SAAgB,+BAA+B,aAAqB,aAA8B;CAChG,MAAM,MAAM,IAAI,IAAI,aAAa,eAAe;CAChD,MAAM,OAAO,IAAI;CAEjB,MAAM,8BACJ,sCAAsC,SAAS,KAAK,IAAI,oCAAoC,SAAS,KAAK;AAC5G,QAAO,gBAAgB,IAAI,QAAQ;;AAGrC,SAAgB,kBAAkB,aAA8B;CAC9D,MAAM,MAAM,IAAI,IAAI,aAAa,eAAe;AAChD,QAAO,sCAAsC,SAAS,IAAI,SAAS;;AAGrE,MAAa,qBACV,wBAA4D,mBAA2B,SAAuB;CAC7G,IAAI,MAAM;AACV,KAAI,OAAO,QAAQ,SACjB,OAAM,sBAAsB,KAAK,cAAc;AAGjD,KAAI,CAAC,uBACH,QAAO;CAGT,MAAM,eAAe,kBAAkB,IAAI;CAE3C,MAAM,YACJ,CAAC,iBAAiB,IAAI,KACrB,gBACC,uBACG,KAAI,WAAW,OAAO,WAAW,WAAW,MAAM,SAAS,kBAAkB,OAAO,CAAC,GAAG,OAAQ,CAChG,MAAK,WAAU,OAAO,KAAK,kBAAkB,IAAI,OAAO,CAAC,CAAC;AAEjE,KAAI,CAAC,UACH,QAAO,SACL,uBAAuB,IAAI,yFAC5B;AAEH,QAAO;;AAGX,SAAgB,6BACd,wBACA,aACA,cACiC;AACjC,KAAI,MAAM,QAAQ,uBAAuB,IAAI,CAAC,CAAC,uBAAuB,OACpE,QAAO;CAGT,MAAMC,UAAoB,EAAE;AAC5B,KAAI,OAAO,WAAW,eAAe,CAAC,CAAC,OAAO,SAC5C,SAAQ,KAAK,OAAO,SAAS,OAAO;AAGtC,SAAQ,KAAK,WAAW,8BAA8B,YAAY,GAAG;AACrE,SAAQ,KAAK,aAAa,8BAA8B,YAAY,GAAG;AAEvE,KAAI,iBAAiB,cACnB,SAAQ,KAAK,WAAW,cAAc;AAGxC,QAAO"}
+{"version":3,"file":"url-BKWznjF0.mjs","names":["frontendApiRedirectPathsWithUserInput: string[]","frontendApiRedirectPathsNoUserInput: string[]","origins: string[]"],"sources":["../../src/internal/clerk-js/url.ts"],"sourcesContent":["import { globs } from '../../globs';\nimport { createDevOrStagingUrlCache } from '../../keys';\nimport { logger } from '../../logger';\nimport type { SignUpResource } from '../../types';\nimport { camelToSnake } from '../../underscore';\nimport { isCurrentDevAccountPortalOrigin, isLegacyDevAccountPortalOrigin } from '../../url';\nimport { joinPaths } from './path';\nimport { getQueryParams } from './querystring';\n\ndeclare global {\n  export interface Window {\n    tldts: {\n      getDomain(hostname: string, { allowPrivateDomains }: { allowPrivateDomains: boolean }): string;\n    };\n  }\n}\n\n// This is used as a dummy base when we need to invoke \"new URL()\" but we don't care about the URL origin.\nconst DUMMY_URL_BASE = 'http://clerk-dummy';\n\nconst BANNED_URI_PROTOCOLS = ['javascript:'] as const;\n\n// Protocols that are dangerous specifically for href attributes in links\nconst BANNED_HREF_PROTOCOLS = ['javascript:', 'data:', 'vbscript:', 'blob:'] as const;\n\nconst { isDevOrStagingUrl } = createDevOrStagingUrlCache();\nexport { isDevOrStagingUrl };\nconst accountPortalCache = new Map<string, boolean>();\n\nexport function isDevAccountPortalOrigin(hostname: string = window.location.hostname): boolean {\n  if (!hostname) {\n    return false;\n  }\n\n  let res = accountPortalCache.get(hostname);\n\n  if (res === undefined) {\n    res = isLegacyDevAccountPortalOrigin(hostname) || isCurrentDevAccountPortalOrigin(hostname);\n    accountPortalCache.set(hostname, res);\n  }\n\n  return res;\n}\n\nexport function getETLDPlusOneFromFrontendApi(frontendApi: string): string {\n  return frontendApi.replace('clerk.', '');\n}\n\ninterface BuildURLParams extends Partial<URL> {\n  base?: string;\n  hashPath?: string;\n  hashSearch?: string;\n  hashSearchParams?: URLSearchParams | Record<string, string> | Array<URLSearchParams | Record<string, string>>;\n}\n\ninterface BuildURLOptions<T> {\n  skipOrigin?: boolean;\n  stringify?: T;\n}\n\n/**\n *\n * buildURL(params: URLParams, options: BuildURLOptions): string\n *\n * Builds a URL safely by using the native URL() constructor. It can\n * also build a secondary path and search URL that lives inside the hash\n * of the main URL. For example:\n *\n * https://foo.com/bar?qux=42#/hash-bar?hash-qux=42\n *\n * References:\n * https://developer.mozilla.org/en-US/docs/Web/API/URL\n *\n * @param params\n * @param options\n * @returns Returns the URL href\n */\nexport function buildURL<B extends boolean>(\n  params: BuildURLParams,\n  options?: BuildURLOptions<B>,\n): B extends true ? string : URL;\n\nexport function buildURL(params: BuildURLParams, options: BuildURLOptions<boolean> = {}): URL | string {\n  const { base, hashPath, hashSearch, searchParams, hashSearchParams, ...rest } = params;\n\n  let fallbackBase = '';\n  // This check is necessary for React native environments where window is undefined.\n  // TODO: Refactor all window and document usages in clerk-js and import them from\n  // a single file that will be mocked easily in React native environments.\n  if (typeof window !== 'undefined' && !!window.location) {\n    fallbackBase = window.location.href;\n  } else {\n    fallbackBase = 'http://react-native-fake-base-url';\n  }\n\n  const url = new URL(base || '', fallbackBase);\n\n  // Properly copy URLSearchParams\n  if (searchParams instanceof URLSearchParams) {\n    searchParams.forEach((value, key) => {\n      if (value !== null && value !== undefined) {\n        url.searchParams.set(camelToSnake(key), value);\n      }\n    });\n  }\n\n  Object.assign(url, rest);\n\n  // Treat that hash part of the main URL as if it's another URL with a pathname and a search.\n  // Another nested hash inside the top level hash (e.g. #my-hash#my-second-hash) is currently\n  // not supported as there is no use case for it yet.\n  if (hashPath || hashSearch || hashSearchParams) {\n    // Parse the hash to a URL object\n    const dummyUrlForHash = new URL(DUMMY_URL_BASE + url.hash.substring(1));\n\n    // Join the current hash path and with the provided one\n    dummyUrlForHash.pathname = joinPaths(dummyUrlForHash.pathname, hashPath || '');\n\n    // Merge search params from hashSearch string\n    const searchParamsFromHashSearchString = getQueryParams(hashSearch || '');\n    for (const [key, val] of Object.entries(searchParamsFromHashSearchString)) {\n      dummyUrlForHash.searchParams.append(key, val);\n    }\n\n    // Merge search params from the hashSearchParams object\n    if (hashSearchParams) {\n      const paramsArr = Array.isArray(hashSearchParams) ? hashSearchParams : [hashSearchParams];\n      for (const _params of paramsArr) {\n        if (!(_params instanceof URLSearchParams) && typeof _params !== 'object') {\n          continue;\n        }\n        const params = new URLSearchParams(_params);\n        params.forEach((value, key) => {\n          if (value !== null && value !== undefined) {\n            dummyUrlForHash.searchParams.set(camelToSnake(key), value);\n          }\n        });\n      }\n    }\n\n    // Keep just the pathname and the  search\n    const newHash = dummyUrlForHash.href.replace(DUMMY_URL_BASE, '');\n\n    // if the hash is `/`, it means that nothing new was added to the hash\n    // so we can skip assigning it to the hash of the main url\n    if (newHash !== '/') {\n      // Assign them to the hash of the main url\n      url.hash = newHash;\n    }\n  }\n\n  const { stringify, skipOrigin } = options;\n  if (stringify) {\n    return skipOrigin ? url.href.replace(url.origin, '') : url.href;\n  }\n  return url;\n}\n\nexport function toURL(url: string | URL): URL {\n  return new URL(url.toString(), window.location.origin);\n}\n\n/**\n *\n * stripOrigin(url: URL | string): string\n *\n * Strips the origin part of a URL and preserves path, search and hash is applicable\n *\n * References:\n * https://developer.mozilla.org/en-US/docs/Web/API/URL\n *\n * @param url\n * @returns Returns the URL href without the origin\n */\nexport function stripOrigin(url: URL | string): string {\n  // In non-browser environments `window.location.origin` might not be available\n  // if not polyfilled, so we can't construct a URL object with the `url` string\n  // note: in that case, we can't easily strip the origin, so we return the original string\n  if (typeof window.location === 'undefined' && typeof url === 'string') {\n    return url;\n  }\n\n  url = toURL(url);\n  return url.href.replace(url.origin, '');\n}\n\n/**\n * trimTrailingSlash(path: string): string\n *\n * Strips the trailing slashes from a string\n *\n * @returns Returns the string without trailing slashes\n *\n * @param path\n */\nexport const trimTrailingSlash = (path: string): string => {\n  return (path || '').replace(/\\/+$/, '');\n};\n\n/**\n * trimLeadingSlash(path: string): string\n *\n * Strips the leading slashes from a string\n *\n * @returns Returns the string without leading slashes\n *\n * @param path\n */\nexport const trimLeadingSlash = (path: string): string => {\n  return (path || '').replace(/^\\/+/, '');\n};\n\nexport const hasExternalAccountSignUpError = (signUp: SignUpResource): boolean => {\n  const { externalAccount } = signUp.verifications;\n  return !!externalAccount.error;\n};\n\nexport function getSearchParameterFromHash({\n  hash = window.location.hash,\n  paramName,\n}: {\n  hash?: string;\n  paramName: string;\n}) {\n  const h = hash.startsWith('#') ? hash.substring(1) : hash;\n  const dummyUrlForHash = new URL(h, DUMMY_URL_BASE);\n  return dummyUrlForHash.searchParams.get(paramName);\n}\n\nexport function isValidUrl(val: string | URL | undefined | null): boolean {\n  if (!val) {\n    return false;\n  }\n\n  try {\n    new URL(val as string);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\nexport function relativeToAbsoluteUrl(url: string, origin: string | URL): URL {\n  try {\n    return new URL(url);\n  } catch {\n    return new URL(url, origin);\n  }\n}\n\n// Regular expression to detect disallowed patterns\nconst disallowedPatterns = [\n  /\\0/, // Null bytes\n  /^\\/\\//, // Protocol-relative\n  // eslint-disable-next-line no-control-regex\n  /[\\x00-\\x1F]/, // Control characters\n];\n\n/**\n * Check for potentially problematic URLs that could have been crafted to intentionally bypass the origin check. Note that the URLs passed to this\n * function are assumed to be from an \"allowed origin\", so we are not executing origin-specific checks here.\n */\nexport function isProblematicUrl(url: URL): boolean {\n  if (hasBannedProtocol(url)) {\n    return true;\n  }\n  // Check against disallowed patterns\n  for (const pattern of disallowedPatterns) {\n    if (pattern.test(url.pathname)) {\n      return true;\n    }\n  }\n\n  return false;\n}\n\nexport function isDataUri(val?: string): val is string {\n  if (!val || !isValidUrl(val)) {\n    return false;\n  }\n\n  return new URL(val).protocol === 'data:';\n}\n\n/**\n * Checks if a URL uses javascript: protocol.\n * This prevents some XSS attacks through javascript: URLs.\n *\n * IMPORTANT: This does not check for `data:` or other protocols which\n * are dangerous if used for links or setting the window location.\n *\n * @param val - The URL to check\n * @returns True if the URL contains a banned protocol, false otherwise\n */\nexport function hasBannedProtocol(val: string | URL) {\n  if (!isValidUrl(val)) {\n    return false;\n  }\n  const protocol = new URL(val).protocol;\n  return BANNED_URI_PROTOCOLS.some(bp => bp === protocol);\n}\n\n/**\n * Checks if a URL contains a banned protocol for href attributes in links.\n * This prevents some XSS attacks through javascript:, data:, vbscript:, and blob: URLs.\n *\n * @param val - The URL to check\n * @returns True if the URL contains a banned protocol, false otherwise\n */\nexport function hasBannedHrefProtocol(val: string | URL): boolean {\n  if (!isValidUrl(val)) {\n    return false;\n  }\n  const protocol = new URL(val).protocol;\n  return BANNED_HREF_PROTOCOLS.some(bp => bp === protocol);\n}\n\n/**\n * Sanitizes an href value by checking for dangerous protocols.\n * Returns null if the href contains a dangerous protocol, otherwise returns the original href.\n * This prevents some XSS attacks through javascript:, data:, vbscript:, and blob: URLs.\n *\n * @param href - The href value to sanitize\n * @returns The sanitized href or null if dangerous\n */\nexport function sanitizeHref(href: string | undefined | null): string | null {\n  if (!href || href.trim() === '') {\n    return null;\n  }\n\n  // For relative URLs (starting with / or # or ?), allow them through\n  if (href.startsWith('/') || href.startsWith('#') || href.startsWith('?')) {\n    return href;\n  }\n\n  // For relative URLs without leading slash, allow them through\n  if (!href.includes(':')) {\n    return href;\n  }\n\n  // Check if it's a valid URL with a dangerous protocol\n  try {\n    const url = new URL(href);\n    if (hasBannedHrefProtocol(url)) {\n      return null;\n    }\n    return href;\n  } catch {\n    // If URL parsing fails, it's likely a relative URL or malformed\n    // Allow relative URLs through, but be cautious with malformed ones\n    return href;\n  }\n}\n\nexport const hasUrlInFragment = (_url: URL | string) => {\n  return new URL(_url, DUMMY_URL_BASE).hash.startsWith('#/');\n};\n\n/**\n * Creates a new URL by merging a fragment-based URL, if found.\n * The result URL has the original and the fragment pathnames appended\n * and also includes all search params from both places.\n *\n * @example\n * ```ts\n * mergeFragmentIntoUrl('https://accounts.clerk.com/sign-in?user_param=hello#/verify/factor-one?redirect_url=/protected')\n * // Returns: 'https://accounts.clerk.com/sign-in/verify/factor-one?user_param=hello&redirect_url=/protected'\n * ```\n */\nexport const mergeFragmentIntoUrl = (_url: string | URL): URL => {\n  const url = new URL(_url);\n\n  if (!hasUrlInFragment(url)) {\n    return url;\n  }\n\n  const fragmentUrl = new URL(url.hash.replace('#/', '/'), url.href);\n  const mergedPathname = [url.pathname, fragmentUrl.pathname]\n    .map(s => s.split('/'))\n    .flat()\n    .filter(Boolean)\n    .join('/');\n\n  const mergedUrl = new URL(mergedPathname, url.origin);\n\n  url.searchParams.forEach((val, key) => {\n    mergedUrl.searchParams.set(key, val);\n  });\n\n  fragmentUrl.searchParams.forEach((val, key) => {\n    mergedUrl.searchParams.set(key, val);\n  });\n\n  return mergedUrl;\n};\n\nexport const pathFromFullPath = (fullPath: string) => {\n  return fullPath.replace(/CLERK-ROUTER\\/(.*?)\\//, '');\n};\n\nconst frontendApiRedirectPathsWithUserInput: string[] = [\n  '/oauth/authorize', // OAuth2 identify provider flow\n];\n\nconst frontendApiRedirectPathsNoUserInput: string[] = [\n  '/v1/verify', // magic links\n  '/v1/tickets/accept', // ticket flow\n  '/oauth/authorize-with-immediate-redirect', // OAuth 2 identity provider\n  '/oauth/end_session', // OIDC logout\n];\n\nexport function isRedirectForFAPIInitiatedFlow(frontendApi: string, redirectUrl: string): boolean {\n  const url = new URL(redirectUrl, DUMMY_URL_BASE);\n  const path = url.pathname;\n\n  const isValidFrontendRedirectPath =\n    frontendApiRedirectPathsWithUserInput.includes(path) || frontendApiRedirectPathsNoUserInput.includes(path);\n  return frontendApi === url.host && isValidFrontendRedirectPath;\n}\n\nexport function requiresUserInput(redirectUrl: string): boolean {\n  const url = new URL(redirectUrl, DUMMY_URL_BASE);\n  return frontendApiRedirectPathsWithUserInput.includes(url.pathname);\n}\n\nexport const isAllowedRedirect =\n  (allowedRedirectOrigins: Array<string | RegExp> | undefined, currentOrigin: string) => (_url: URL | string) => {\n    let url = _url;\n    if (typeof url === 'string') {\n      url = relativeToAbsoluteUrl(url, currentOrigin);\n    }\n\n    if (!allowedRedirectOrigins) {\n      return true;\n    }\n\n    const isSameOrigin = currentOrigin === url.origin;\n\n    const isAllowed =\n      !isProblematicUrl(url) &&\n      (isSameOrigin ||\n        allowedRedirectOrigins\n          .map(origin => (typeof origin === 'string' ? globs.toRegexp(trimTrailingSlash(origin)) : origin))\n          .some(origin => origin.test(trimTrailingSlash(url.origin))));\n\n    if (!isAllowed) {\n      logger.warnOnce(\n        `Clerk: Redirect URL ${url} is not on one of the allowedRedirectOrigins, falling back to the default redirect URL.`,\n      );\n    }\n    return isAllowed;\n  };\n\nexport function createAllowedRedirectOrigins(\n  allowedRedirectOrigins: Array<string | RegExp> | undefined,\n  frontendApi: string,\n  instanceType?: string,\n): (string | RegExp)[] | undefined {\n  if (Array.isArray(allowedRedirectOrigins) && !!allowedRedirectOrigins.length) {\n    return allowedRedirectOrigins;\n  }\n\n  const origins: string[] = [];\n  if (typeof window !== 'undefined' && !!window.location) {\n    origins.push(window.location.origin);\n  }\n\n  origins.push(`https://${getETLDPlusOneFromFrontendApi(frontendApi)}`);\n  origins.push(`https://*.${getETLDPlusOneFromFrontendApi(frontendApi)}`);\n\n  if (instanceType === 'development') {\n    origins.push(`https://${frontendApi}`);\n  }\n\n  return origins;\n}\n"],"mappings":";;;;;;;;;AAkBA,MAAM,iBAAiB;AAEvB,MAAM,uBAAuB,CAAC,cAAc;AAG5C,MAAM,wBAAwB;CAAC;CAAe;CAAS;CAAa;CAAQ;AAE5E,MAAM,EAAE,sBAAsB,4BAA4B;AAE1D,MAAM,qCAAqB,IAAI,KAAsB;AAErD,SAAgB,yBAAyB,WAAmB,OAAO,SAAS,UAAmB;AAC7F,KAAI,CAAC,SACH,QAAO;CAGT,IAAI,MAAM,mBAAmB,IAAI,SAAS;AAE1C,KAAI,QAAQ,QAAW;AACrB,QAAM,+BAA+B,SAAS,IAAI,gCAAgC,SAAS;AAC3F,qBAAmB,IAAI,UAAU,IAAI;;AAGvC,QAAO;;AAGT,SAAgB,8BAA8B,aAA6B;AACzE,QAAO,YAAY,QAAQ,UAAU,GAAG;;AAqC1C,SAAgB,SAAS,QAAwB,UAAoC,EAAE,EAAgB;CACrG,MAAM,EAAE,MAAM,UAAU,YAAY,cAAc,iBAAkB,GAAG,SAAS;CAEhF,IAAI,eAAe;AAInB,KAAI,OAAO,WAAW,eAAe,CAAC,CAAC,OAAO,SAC5C,gBAAe,OAAO,SAAS;KAE/B,gBAAe;CAGjB,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI,aAAa;AAG7C,KAAI,wBAAwB,gBAC1B,cAAa,SAAS,OAAO,QAAQ;AACnC,MAAI,UAAU,QAAQ,UAAU,OAC9B,KAAI,aAAa,IAAI,aAAa,IAAI,EAAE,MAAM;GAEhD;AAGJ,QAAO,OAAO,KAAK,KAAK;AAKxB,KAAI,YAAY,cAAc,kBAAkB;EAE9C,MAAM,kBAAkB,IAAI,IAAI,iBAAiB,IAAI,KAAK,UAAU,EAAE,CAAC;AAGvE,kBAAgB,WAAW,UAAU,gBAAgB,UAAU,YAAY,GAAG;EAG9E,MAAM,mCAAmC,eAAe,cAAc,GAAG;AACzE,OAAK,MAAM,CAAC,KAAK,QAAQ,OAAO,QAAQ,iCAAiC,CACvE,iBAAgB,aAAa,OAAO,KAAK,IAAI;AAI/C,MAAI,kBAAkB;GACpB,MAAM,YAAY,MAAM,QAAQ,iBAAiB,GAAG,mBAAmB,CAAC,iBAAiB;AACzF,QAAK,MAAM,WAAW,WAAW;AAC/B,QAAI,EAAE,mBAAmB,oBAAoB,OAAO,YAAY,SAC9D;AAGF,IADe,IAAI,gBAAgB,QAAQ,CACpC,SAAS,OAAO,QAAQ;AAC7B,SAAI,UAAU,QAAQ,UAAU,OAC9B,iBAAgB,aAAa,IAAI,aAAa,IAAI,EAAE,MAAM;MAE5D;;;EAKN,MAAM,UAAU,gBAAgB,KAAK,QAAQ,gBAAgB,GAAG;AAIhE,MAAI,YAAY,IAEd,KAAI,OAAO;;CAIf,MAAM,EAAE,WAAW,eAAe;AAClC,KAAI,UACF,QAAO,aAAa,IAAI,KAAK,QAAQ,IAAI,QAAQ,GAAG,GAAG,IAAI;AAE7D,QAAO;;AAGT,SAAgB,MAAM,KAAwB;AAC5C,QAAO,IAAI,IAAI,IAAI,UAAU,EAAE,OAAO,SAAS,OAAO;;;;;;;;;;;;;;AAexD,SAAgB,YAAY,KAA2B;AAIrD,KAAI,OAAO,OAAO,aAAa,eAAe,OAAO,QAAQ,SAC3D,QAAO;AAGT,OAAM,MAAM,IAAI;AAChB,QAAO,IAAI,KAAK,QAAQ,IAAI,QAAQ,GAAG;;;;;;;;;;;AAYzC,MAAa,qBAAqB,SAAyB;AACzD,SAAQ,QAAQ,IAAI,QAAQ,QAAQ,GAAG;;;;;;;;;;;AAYzC,MAAa,oBAAoB,SAAyB;AACxD,SAAQ,QAAQ,IAAI,QAAQ,QAAQ,GAAG;;AAGzC,MAAa,iCAAiC,WAAoC;CAChF,MAAM,EAAE,oBAAoB,OAAO;AACnC,QAAO,CAAC,CAAC,gBAAgB;;AAG3B,SAAgB,2BAA2B,EACzC,OAAO,OAAO,SAAS,MACvB,aAIC;CACD,MAAM,IAAI,KAAK,WAAW,IAAI,GAAG,KAAK,UAAU,EAAE,GAAG;AAErD,QADwB,IAAI,IAAI,GAAG,eAAe,CAC3B,aAAa,IAAI,UAAU;;AAGpD,SAAgB,WAAW,KAA+C;AACxE,KAAI,CAAC,IACH,QAAO;AAGT,KAAI;AACF,MAAI,IAAI,IAAc;AACtB,SAAO;SACD;AACN,SAAO;;;AAIX,SAAgB,sBAAsB,KAAa,QAA2B;AAC5E,KAAI;AACF,SAAO,IAAI,IAAI,IAAI;SACb;AACN,SAAO,IAAI,IAAI,KAAK,OAAO;;;AAK/B,MAAM,qBAAqB;CACzB;CACA;CAEA;CACD;;;;;AAMD,SAAgB,iBAAiB,KAAmB;AAClD,KAAI,kBAAkB,IAAI,CACxB,QAAO;AAGT,MAAK,MAAM,WAAW,mBACpB,KAAI,QAAQ,KAAK,IAAI,SAAS,CAC5B,QAAO;AAIX,QAAO;;AAGT,SAAgB,UAAU,KAA6B;AACrD,KAAI,CAAC,OAAO,CAAC,WAAW,IAAI,CAC1B,QAAO;AAGT,QAAO,IAAI,IAAI,IAAI,CAAC,aAAa;;;;;;;;;;;;AAanC,SAAgB,kBAAkB,KAAmB;AACnD,KAAI,CAAC,WAAW,IAAI,CAClB,QAAO;CAET,MAAM,WAAW,IAAI,IAAI,IAAI,CAAC;AAC9B,QAAO,qBAAqB,MAAK,OAAM,OAAO,SAAS;;;;;;;;;AAUzD,SAAgB,sBAAsB,KAA4B;AAChE,KAAI,CAAC,WAAW,IAAI,CAClB,QAAO;CAET,MAAM,WAAW,IAAI,IAAI,IAAI,CAAC;AAC9B,QAAO,sBAAsB,MAAK,OAAM,OAAO,SAAS;;;;;;;;;;AAW1D,SAAgB,aAAa,MAAgD;AAC3E,KAAI,CAAC,QAAQ,KAAK,MAAM,KAAK,GAC3B,QAAO;AAIT,KAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,CACtE,QAAO;AAIT,KAAI,CAAC,KAAK,SAAS,IAAI,CACrB,QAAO;AAIT,KAAI;AAEF,MAAI,sBADQ,IAAI,IAAI,KAAK,CACK,CAC5B,QAAO;AAET,SAAO;SACD;AAGN,SAAO;;;AAIX,MAAa,oBAAoB,SAAuB;AACtD,QAAO,IAAI,IAAI,MAAM,eAAe,CAAC,KAAK,WAAW,KAAK;;;;;;;;;;;;;AAc5D,MAAa,wBAAwB,SAA4B;CAC/D,MAAM,MAAM,IAAI,IAAI,KAAK;AAEzB,KAAI,CAAC,iBAAiB,IAAI,CACxB,QAAO;CAGT,MAAM,cAAc,IAAI,IAAI,IAAI,KAAK,QAAQ,MAAM,IAAI,EAAE,IAAI,KAAK;CAClE,MAAM,iBAAiB,CAAC,IAAI,UAAU,YAAY,SAAS,CACxD,KAAI,MAAK,EAAE,MAAM,IAAI,CAAC,CACtB,MAAM,CACN,OAAO,QAAQ,CACf,KAAK,IAAI;CAEZ,MAAM,YAAY,IAAI,IAAI,gBAAgB,IAAI,OAAO;AAErD,KAAI,aAAa,SAAS,KAAK,QAAQ;AACrC,YAAU,aAAa,IAAI,KAAK,IAAI;GACpC;AAEF,aAAY,aAAa,SAAS,KAAK,QAAQ;AAC7C,YAAU,aAAa,IAAI,KAAK,IAAI;GACpC;AAEF,QAAO;;AAGT,MAAa,oBAAoB,aAAqB;AACpD,QAAO,SAAS,QAAQ,yBAAyB,GAAG;;AAGtD,MAAMA,wCAAkD,CACtD,mBACD;AAED,MAAMC,sCAAgD;CACpD;CACA;CACA;CACA;CACD;AAED,SAAgB,+BAA+B,aAAqB,aAA8B;CAChG,MAAM,MAAM,IAAI,IAAI,aAAa,eAAe;CAChD,MAAM,OAAO,IAAI;CAEjB,MAAM,8BACJ,sCAAsC,SAAS,KAAK,IAAI,oCAAoC,SAAS,KAAK;AAC5G,QAAO,gBAAgB,IAAI,QAAQ;;AAGrC,SAAgB,kBAAkB,aAA8B;CAC9D,MAAM,MAAM,IAAI,IAAI,aAAa,eAAe;AAChD,QAAO,sCAAsC,SAAS,IAAI,SAAS;;AAGrE,MAAa,qBACV,wBAA4D,mBAA2B,SAAuB;CAC7G,IAAI,MAAM;AACV,KAAI,OAAO,QAAQ,SACjB,OAAM,sBAAsB,KAAK,cAAc;AAGjD,KAAI,CAAC,uBACH,QAAO;CAGT,MAAM,eAAe,kBAAkB,IAAI;CAE3C,MAAM,YACJ,CAAC,iBAAiB,IAAI,KACrB,gBACC,uBACG,KAAI,WAAW,OAAO,WAAW,WAAW,MAAM,SAAS,kBAAkB,OAAO,CAAC,GAAG,OAAQ,CAChG,MAAK,WAAU,OAAO,KAAK,kBAAkB,IAAI,OAAO,CAAC,CAAC;AAEjE,KAAI,CAAC,UACH,QAAO,SACL,uBAAuB,IAAI,yFAC5B;AAEH,QAAO;;AAGX,SAAgB,6BACd,wBACA,aACA,cACiC;AACjC,KAAI,MAAM,QAAQ,uBAAuB,IAAI,CAAC,CAAC,uBAAuB,OACpE,QAAO;CAGT,MAAMC,UAAoB,EAAE;AAC5B,KAAI,OAAO,WAAW,eAAe,CAAC,CAAC,OAAO,SAC5C,SAAQ,KAAK,OAAO,SAAS,OAAO;AAGtC,SAAQ,KAAK,WAAW,8BAA8B,YAAY,GAAG;AACrE,SAAQ,KAAK,aAAa,8BAA8B,YAAY,GAAG;AAEvE,KAAI,iBAAiB,cACnB,SAAQ,KAAK,WAAW,cAAc;AAGxC,QAAO"}

package/dist/runtime/{url-DeGY-7z9.js → url-De4o_RSN.js}

@@ -3,8 +3,8 @@ const require_globs = require('./globs-CSLtaQj6.js');
 const require_url = require('./url-DwWU8E5q.js');
 const require_logger = require('./logger-CiGhgX5H.js');
 const require_underscore = require('./underscore-moIbQc1H.js');
-const require_path = require('./path-BXMzEDID.js');
-const require_querystring = require('./querystring-_iskl3P0.js');
+const require_path = require('./path-BZX8wVkr.js');
+const require_querystring = require('./querystring-B_piPsHv.js');
 
 //#region src/internal/clerk-js/url.ts
 const DUMMY_URL_BASE = "http://clerk-dummy";
@@ -404,4 +404,4 @@ Object.defineProperty(exports, 'trimTrailingSlash', {
     return trimTrailingSlash;
   }
 });
-//# sourceMappingURL=url-DeGY-7z9.js.map
+//# sourceMappingURL=url-De4o_RSN.js.map

package/dist/runtime/{url-DeGY-7z9.js.map → url-De4o_RSN.js.map}

@@ -1 +1 @@
-{"version":3,"file":"url-DeGY-7z9.js","names":["createDevOrStagingUrlCache","isLegacyDevAccountPortalOrigin","isCurrentDevAccountPortalOrigin","camelToSnake","joinPaths","getQueryParams","frontendApiRedirectPathsWithUserInput: string[]","frontendApiRedirectPathsNoUserInput: string[]","globs","origins: string[]"],"sources":["../../src/internal/clerk-js/url.ts"],"sourcesContent":["import { globs } from '../../globs';\nimport { createDevOrStagingUrlCache } from '../../keys';\nimport { logger } from '../../logger';\nimport type { SignUpResource } from '../../types';\nimport { camelToSnake } from '../../underscore';\nimport { isCurrentDevAccountPortalOrigin, isLegacyDevAccountPortalOrigin } from '../../url';\nimport { joinPaths } from './path';\nimport { getQueryParams } from './querystring';\n\ndeclare global {\n  export interface Window {\n    tldts: {\n      getDomain(hostname: string, { allowPrivateDomains }: { allowPrivateDomains: boolean }): string;\n    };\n  }\n}\n\n// This is used as a dummy base when we need to invoke \"new URL()\" but we don't care about the URL origin.\nconst DUMMY_URL_BASE = 'http://clerk-dummy';\n\nconst BANNED_URI_PROTOCOLS = ['javascript:'] as const;\n\n// Protocols that are dangerous specifically for href attributes in links\nconst BANNED_HREF_PROTOCOLS = ['javascript:', 'data:', 'vbscript:', 'blob:'] as const;\n\nconst { isDevOrStagingUrl } = createDevOrStagingUrlCache();\nexport { isDevOrStagingUrl };\nconst accountPortalCache = new Map<string, boolean>();\n\nexport function isDevAccountPortalOrigin(hostname: string = window.location.hostname): boolean {\n  if (!hostname) {\n    return false;\n  }\n\n  let res = accountPortalCache.get(hostname);\n\n  if (res === undefined) {\n    res = isLegacyDevAccountPortalOrigin(hostname) || isCurrentDevAccountPortalOrigin(hostname);\n    accountPortalCache.set(hostname, res);\n  }\n\n  return res;\n}\n\nexport function getETLDPlusOneFromFrontendApi(frontendApi: string): string {\n  return frontendApi.replace('clerk.', '');\n}\n\ninterface BuildURLParams extends Partial<URL> {\n  base?: string;\n  hashPath?: string;\n  hashSearch?: string;\n  hashSearchParams?: URLSearchParams | Record<string, string> | Array<URLSearchParams | Record<string, string>>;\n}\n\ninterface BuildURLOptions<T> {\n  skipOrigin?: boolean;\n  stringify?: T;\n}\n\n/**\n *\n * buildURL(params: URLParams, options: BuildURLOptions): string\n *\n * Builds a URL safely by using the native URL() constructor. It can\n * also build a secondary path and search URL that lives inside the hash\n * of the main URL. For example:\n *\n * https://foo.com/bar?qux=42#/hash-bar?hash-qux=42\n *\n * References:\n * https://developer.mozilla.org/en-US/docs/Web/API/URL\n *\n * @param params\n * @param options\n * @returns Returns the URL href\n */\nexport function buildURL<B extends boolean>(\n  params: BuildURLParams,\n  options?: BuildURLOptions<B>,\n): B extends true ? string : URL;\n\nexport function buildURL(params: BuildURLParams, options: BuildURLOptions<boolean> = {}): URL | string {\n  const { base, hashPath, hashSearch, searchParams, hashSearchParams, ...rest } = params;\n\n  let fallbackBase = '';\n  // This check is necessary for React native environments where window is undefined.\n  // TODO: Refactor all window and document usages in clerk-js and import them from\n  // a single file that will be mocked easily in React native environments.\n  if (typeof window !== 'undefined' && !!window.location) {\n    fallbackBase = window.location.href;\n  } else {\n    fallbackBase = 'http://react-native-fake-base-url';\n  }\n\n  const url = new URL(base || '', fallbackBase);\n\n  // Properly copy URLSearchParams\n  if (searchParams instanceof URLSearchParams) {\n    searchParams.forEach((value, key) => {\n      if (value !== null && value !== undefined) {\n        url.searchParams.set(camelToSnake(key), value);\n      }\n    });\n  }\n\n  Object.assign(url, rest);\n\n  // Treat that hash part of the main URL as if it's another URL with a pathname and a search.\n  // Another nested hash inside the top level hash (e.g. #my-hash#my-second-hash) is currently\n  // not supported as there is no use case for it yet.\n  if (hashPath || hashSearch || hashSearchParams) {\n    // Parse the hash to a URL object\n    const dummyUrlForHash = new URL(DUMMY_URL_BASE + url.hash.substring(1));\n\n    // Join the current hash path and with the provided one\n    dummyUrlForHash.pathname = joinPaths(dummyUrlForHash.pathname, hashPath || '');\n\n    // Merge search params from hashSearch string\n    const searchParamsFromHashSearchString = getQueryParams(hashSearch || '');\n    for (const [key, val] of Object.entries(searchParamsFromHashSearchString)) {\n      dummyUrlForHash.searchParams.append(key, val);\n    }\n\n    // Merge search params from the hashSearchParams object\n    if (hashSearchParams) {\n      const paramsArr = Array.isArray(hashSearchParams) ? hashSearchParams : [hashSearchParams];\n      for (const _params of paramsArr) {\n        if (!(_params instanceof URLSearchParams) && typeof _params !== 'object') {\n          continue;\n        }\n        const params = new URLSearchParams(_params);\n        params.forEach((value, key) => {\n          if (value !== null && value !== undefined) {\n            dummyUrlForHash.searchParams.set(camelToSnake(key), value);\n          }\n        });\n      }\n    }\n\n    // Keep just the pathname and the  search\n    const newHash = dummyUrlForHash.href.replace(DUMMY_URL_BASE, '');\n\n    // if the hash is `/`, it means that nothing new was added to the hash\n    // so we can skip assigning it to the hash of the main url\n    if (newHash !== '/') {\n      // Assign them to the hash of the main url\n      url.hash = newHash;\n    }\n  }\n\n  const { stringify, skipOrigin } = options;\n  if (stringify) {\n    return skipOrigin ? url.href.replace(url.origin, '') : url.href;\n  }\n  return url;\n}\n\nexport function toURL(url: string | URL): URL {\n  return new URL(url.toString(), window.location.origin);\n}\n\n/**\n *\n * stripOrigin(url: URL | string): string\n *\n * Strips the origin part of a URL and preserves path, search and hash is applicable\n *\n * References:\n * https://developer.mozilla.org/en-US/docs/Web/API/URL\n *\n * @param url\n * @returns Returns the URL href without the origin\n */\nexport function stripOrigin(url: URL | string): string {\n  // In non-browser environments `window.location.origin` might not be available\n  // if not polyfilled, so we can't construct a URL object with the `url` string\n  // note: in that case, we can't easily strip the origin, so we return the original string\n  if (typeof window.location === 'undefined' && typeof url === 'string') {\n    return url;\n  }\n\n  url = toURL(url);\n  return url.href.replace(url.origin, '');\n}\n\n/**\n * trimTrailingSlash(path: string): string\n *\n * Strips the trailing slashes from a string\n *\n * @returns Returns the string without trailing slashes\n *\n * @param path\n */\nexport const trimTrailingSlash = (path: string): string => {\n  return (path || '').replace(/\\/+$/, '');\n};\n\n/**\n * trimLeadingSlash(path: string): string\n *\n * Strips the leading slashes from a string\n *\n * @returns Returns the string without leading slashes\n *\n * @param path\n */\nexport const trimLeadingSlash = (path: string): string => {\n  return (path || '').replace(/^\\/+/, '');\n};\n\nexport const hasExternalAccountSignUpError = (signUp: SignUpResource): boolean => {\n  const { externalAccount } = signUp.verifications;\n  return !!externalAccount.error;\n};\n\nexport function getSearchParameterFromHash({\n  hash = window.location.hash,\n  paramName,\n}: {\n  hash?: string;\n  paramName: string;\n}) {\n  const h = hash.startsWith('#') ? hash.substring(1) : hash;\n  const dummyUrlForHash = new URL(h, DUMMY_URL_BASE);\n  return dummyUrlForHash.searchParams.get(paramName);\n}\n\nexport function isValidUrl(val: string | URL | undefined | null): boolean {\n  if (!val) {\n    return false;\n  }\n\n  try {\n    new URL(val as string);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\nexport function relativeToAbsoluteUrl(url: string, origin: string | URL): URL {\n  try {\n    return new URL(url);\n  } catch {\n    return new URL(url, origin);\n  }\n}\n\n// Regular expression to detect disallowed patterns\nconst disallowedPatterns = [\n  /\\0/, // Null bytes\n  /^\\/\\//, // Protocol-relative\n  // eslint-disable-next-line no-control-regex\n  /[\\x00-\\x1F]/, // Control characters\n];\n\n/**\n * Check for potentially problematic URLs that could have been crafted to intentionally bypass the origin check. Note that the URLs passed to this\n * function are assumed to be from an \"allowed origin\", so we are not executing origin-specific checks here.\n */\nexport function isProblematicUrl(url: URL): boolean {\n  if (hasBannedProtocol(url)) {\n    return true;\n  }\n  // Check against disallowed patterns\n  for (const pattern of disallowedPatterns) {\n    if (pattern.test(url.pathname)) {\n      return true;\n    }\n  }\n\n  return false;\n}\n\nexport function isDataUri(val?: string): val is string {\n  if (!val || !isValidUrl(val)) {\n    return false;\n  }\n\n  return new URL(val).protocol === 'data:';\n}\n\n/**\n * Checks if a URL uses javascript: protocol.\n * This prevents some XSS attacks through javascript: URLs.\n *\n * IMPORTANT: This does not check for `data:` or other protocols which\n * are dangerous if used for links or setting the window location.\n *\n * @param val - The URL to check\n * @returns True if the URL contains a banned protocol, false otherwise\n */\nexport function hasBannedProtocol(val: string | URL) {\n  if (!isValidUrl(val)) {\n    return false;\n  }\n  const protocol = new URL(val).protocol;\n  return BANNED_URI_PROTOCOLS.some(bp => bp === protocol);\n}\n\n/**\n * Checks if a URL contains a banned protocol for href attributes in links.\n * This prevents some XSS attacks through javascript:, data:, vbscript:, and blob: URLs.\n *\n * @param val - The URL to check\n * @returns True if the URL contains a banned protocol, false otherwise\n */\nexport function hasBannedHrefProtocol(val: string | URL): boolean {\n  if (!isValidUrl(val)) {\n    return false;\n  }\n  const protocol = new URL(val).protocol;\n  return BANNED_HREF_PROTOCOLS.some(bp => bp === protocol);\n}\n\n/**\n * Sanitizes an href value by checking for dangerous protocols.\n * Returns null if the href contains a dangerous protocol, otherwise returns the original href.\n * This prevents some XSS attacks through javascript:, data:, vbscript:, and blob: URLs.\n *\n * @param href - The href value to sanitize\n * @returns The sanitized href or null if dangerous\n */\nexport function sanitizeHref(href: string | undefined | null): string | null {\n  if (!href || href.trim() === '') {\n    return null;\n  }\n\n  // For relative URLs (starting with / or # or ?), allow them through\n  if (href.startsWith('/') || href.startsWith('#') || href.startsWith('?')) {\n    return href;\n  }\n\n  // For relative URLs without leading slash, allow them through\n  if (!href.includes(':')) {\n    return href;\n  }\n\n  // Check if it's a valid URL with a dangerous protocol\n  try {\n    const url = new URL(href);\n    if (hasBannedHrefProtocol(url)) {\n      return null;\n    }\n    return href;\n  } catch {\n    // If URL parsing fails, it's likely a relative URL or malformed\n    // Allow relative URLs through, but be cautious with malformed ones\n    return href;\n  }\n}\n\nexport const hasUrlInFragment = (_url: URL | string) => {\n  return new URL(_url, DUMMY_URL_BASE).hash.startsWith('#/');\n};\n\n/**\n * Creates a new URL by merging a fragment-based URL, if found.\n * The result URL has the original and the fragment pathnames appended\n * and also includes all search params from both places.\n *\n * @example\n * ```ts\n * mergeFragmentIntoUrl('https://accounts.clerk.com/sign-in?user_param=hello#/verify/factor-one?redirect_url=/protected')\n * // Returns: 'https://accounts.clerk.com/sign-in/verify/factor-one?user_param=hello&redirect_url=/protected'\n * ```\n */\nexport const mergeFragmentIntoUrl = (_url: string | URL): URL => {\n  const url = new URL(_url);\n\n  if (!hasUrlInFragment(url)) {\n    return url;\n  }\n\n  const fragmentUrl = new URL(url.hash.replace('#/', '/'), url.href);\n  const mergedPathname = [url.pathname, fragmentUrl.pathname]\n    .map(s => s.split('/'))\n    .flat()\n    .filter(Boolean)\n    .join('/');\n\n  const mergedUrl = new URL(mergedPathname, url.origin);\n\n  url.searchParams.forEach((val, key) => {\n    mergedUrl.searchParams.set(key, val);\n  });\n\n  fragmentUrl.searchParams.forEach((val, key) => {\n    mergedUrl.searchParams.set(key, val);\n  });\n\n  return mergedUrl;\n};\n\nexport const pathFromFullPath = (fullPath: string) => {\n  return fullPath.replace(/CLERK-ROUTER\\/(.*?)\\//, '');\n};\n\nconst frontendApiRedirectPathsWithUserInput: string[] = [\n  '/oauth/authorize', // OAuth2 identify provider flow\n];\n\nconst frontendApiRedirectPathsNoUserInput: string[] = [\n  '/v1/verify', // magic links\n  '/v1/tickets/accept', // ticket flow\n  '/oauth/authorize-with-immediate-redirect', // OAuth 2 identity provider\n  '/oauth/end_session', // OIDC logout\n];\n\nexport function isRedirectForFAPIInitiatedFlow(frontendApi: string, redirectUrl: string): boolean {\n  const url = new URL(redirectUrl, DUMMY_URL_BASE);\n  const path = url.pathname;\n\n  const isValidFrontendRedirectPath =\n    frontendApiRedirectPathsWithUserInput.includes(path) || frontendApiRedirectPathsNoUserInput.includes(path);\n  return frontendApi === url.host && isValidFrontendRedirectPath;\n}\n\nexport function requiresUserInput(redirectUrl: string): boolean {\n  const url = new URL(redirectUrl, DUMMY_URL_BASE);\n  return frontendApiRedirectPathsWithUserInput.includes(url.pathname);\n}\n\nexport const isAllowedRedirect =\n  (allowedRedirectOrigins: Array<string | RegExp> | undefined, currentOrigin: string) => (_url: URL | string) => {\n    let url = _url;\n    if (typeof url === 'string') {\n      url = relativeToAbsoluteUrl(url, currentOrigin);\n    }\n\n    if (!allowedRedirectOrigins) {\n      return true;\n    }\n\n    const isSameOrigin = currentOrigin === url.origin;\n\n    const isAllowed =\n      !isProblematicUrl(url) &&\n      (isSameOrigin ||\n        allowedRedirectOrigins\n          .map(origin => (typeof origin === 'string' ? globs.toRegexp(trimTrailingSlash(origin)) : origin))\n          .some(origin => origin.test(trimTrailingSlash(url.origin))));\n\n    if (!isAllowed) {\n      logger.warnOnce(\n        `Clerk: Redirect URL ${url} is not on one of the allowedRedirectOrigins, falling back to the default redirect URL.`,\n      );\n    }\n    return isAllowed;\n  };\n\nexport function createAllowedRedirectOrigins(\n  allowedRedirectOrigins: Array<string | RegExp> | undefined,\n  frontendApi: string,\n  instanceType?: string,\n): (string | RegExp)[] | undefined {\n  if (Array.isArray(allowedRedirectOrigins) && !!allowedRedirectOrigins.length) {\n    return allowedRedirectOrigins;\n  }\n\n  const origins: string[] = [];\n  if (typeof window !== 'undefined' && !!window.location) {\n    origins.push(window.location.origin);\n  }\n\n  origins.push(`https://${getETLDPlusOneFromFrontendApi(frontendApi)}`);\n  origins.push(`https://*.${getETLDPlusOneFromFrontendApi(frontendApi)}`);\n\n  if (instanceType === 'development') {\n    origins.push(`https://${frontendApi}`);\n  }\n\n  return origins;\n}\n"],"mappings":";;;;;;;;;AAkBA,MAAM,iBAAiB;AAEvB,MAAM,uBAAuB,CAAC,cAAc;AAG5C,MAAM,wBAAwB;CAAC;CAAe;CAAS;CAAa;CAAQ;AAE5E,MAAM,EAAE,sBAAsBA,yCAA4B;AAE1D,MAAM,qCAAqB,IAAI,KAAsB;AAErD,SAAgB,yBAAyB,WAAmB,OAAO,SAAS,UAAmB;AAC7F,KAAI,CAAC,SACH,QAAO;CAGT,IAAI,MAAM,mBAAmB,IAAI,SAAS;AAE1C,KAAI,QAAQ,QAAW;AACrB,QAAMC,2CAA+B,SAAS,IAAIC,4CAAgC,SAAS;AAC3F,qBAAmB,IAAI,UAAU,IAAI;;AAGvC,QAAO;;AAGT,SAAgB,8BAA8B,aAA6B;AACzE,QAAO,YAAY,QAAQ,UAAU,GAAG;;AAqC1C,SAAgB,SAAS,QAAwB,UAAoC,EAAE,EAAgB;CACrG,MAAM,EAAE,MAAM,UAAU,YAAY,cAAc,iBAAkB,GAAG,SAAS;CAEhF,IAAI,eAAe;AAInB,KAAI,OAAO,WAAW,eAAe,CAAC,CAAC,OAAO,SAC5C,gBAAe,OAAO,SAAS;KAE/B,gBAAe;CAGjB,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI,aAAa;AAG7C,KAAI,wBAAwB,gBAC1B,cAAa,SAAS,OAAO,QAAQ;AACnC,MAAI,UAAU,QAAQ,UAAU,OAC9B,KAAI,aAAa,IAAIC,gCAAa,IAAI,EAAE,MAAM;GAEhD;AAGJ,QAAO,OAAO,KAAK,KAAK;AAKxB,KAAI,YAAY,cAAc,kBAAkB;EAE9C,MAAM,kBAAkB,IAAI,IAAI,iBAAiB,IAAI,KAAK,UAAU,EAAE,CAAC;AAGvE,kBAAgB,WAAWC,uBAAU,gBAAgB,UAAU,YAAY,GAAG;EAG9E,MAAM,mCAAmCC,mCAAe,cAAc,GAAG;AACzE,OAAK,MAAM,CAAC,KAAK,QAAQ,OAAO,QAAQ,iCAAiC,CACvE,iBAAgB,aAAa,OAAO,KAAK,IAAI;AAI/C,MAAI,kBAAkB;GACpB,MAAM,YAAY,MAAM,QAAQ,iBAAiB,GAAG,mBAAmB,CAAC,iBAAiB;AACzF,QAAK,MAAM,WAAW,WAAW;AAC/B,QAAI,EAAE,mBAAmB,oBAAoB,OAAO,YAAY,SAC9D;AAGF,IADe,IAAI,gBAAgB,QAAQ,CACpC,SAAS,OAAO,QAAQ;AAC7B,SAAI,UAAU,QAAQ,UAAU,OAC9B,iBAAgB,aAAa,IAAIF,gCAAa,IAAI,EAAE,MAAM;MAE5D;;;EAKN,MAAM,UAAU,gBAAgB,KAAK,QAAQ,gBAAgB,GAAG;AAIhE,MAAI,YAAY,IAEd,KAAI,OAAO;;CAIf,MAAM,EAAE,WAAW,eAAe;AAClC,KAAI,UACF,QAAO,aAAa,IAAI,KAAK,QAAQ,IAAI,QAAQ,GAAG,GAAG,IAAI;AAE7D,QAAO;;AAGT,SAAgB,MAAM,KAAwB;AAC5C,QAAO,IAAI,IAAI,IAAI,UAAU,EAAE,OAAO,SAAS,OAAO;;;;;;;;;;;;;;AAexD,SAAgB,YAAY,KAA2B;AAIrD,KAAI,OAAO,OAAO,aAAa,eAAe,OAAO,QAAQ,SAC3D,QAAO;AAGT,OAAM,MAAM,IAAI;AAChB,QAAO,IAAI,KAAK,QAAQ,IAAI,QAAQ,GAAG;;;;;;;;;;;AAYzC,MAAa,qBAAqB,SAAyB;AACzD,SAAQ,QAAQ,IAAI,QAAQ,QAAQ,GAAG;;;;;;;;;;;AAYzC,MAAa,oBAAoB,SAAyB;AACxD,SAAQ,QAAQ,IAAI,QAAQ,QAAQ,GAAG;;AAGzC,MAAa,iCAAiC,WAAoC;CAChF,MAAM,EAAE,oBAAoB,OAAO;AACnC,QAAO,CAAC,CAAC,gBAAgB;;AAG3B,SAAgB,2BAA2B,EACzC,OAAO,OAAO,SAAS,MACvB,aAIC;CACD,MAAM,IAAI,KAAK,WAAW,IAAI,GAAG,KAAK,UAAU,EAAE,GAAG;AAErD,QADwB,IAAI,IAAI,GAAG,eAAe,CAC3B,aAAa,IAAI,UAAU;;AAGpD,SAAgB,WAAW,KAA+C;AACxE,KAAI,CAAC,IACH,QAAO;AAGT,KAAI;AACF,MAAI,IAAI,IAAc;AACtB,SAAO;SACD;AACN,SAAO;;;AAIX,SAAgB,sBAAsB,KAAa,QAA2B;AAC5E,KAAI;AACF,SAAO,IAAI,IAAI,IAAI;SACb;AACN,SAAO,IAAI,IAAI,KAAK,OAAO;;;AAK/B,MAAM,qBAAqB;CACzB;CACA;CAEA;CACD;;;;;AAMD,SAAgB,iBAAiB,KAAmB;AAClD,KAAI,kBAAkB,IAAI,CACxB,QAAO;AAGT,MAAK,MAAM,WAAW,mBACpB,KAAI,QAAQ,KAAK,IAAI,SAAS,CAC5B,QAAO;AAIX,QAAO;;AAGT,SAAgB,UAAU,KAA6B;AACrD,KAAI,CAAC,OAAO,CAAC,WAAW,IAAI,CAC1B,QAAO;AAGT,QAAO,IAAI,IAAI,IAAI,CAAC,aAAa;;;;;;;;;;;;AAanC,SAAgB,kBAAkB,KAAmB;AACnD,KAAI,CAAC,WAAW,IAAI,CAClB,QAAO;CAET,MAAM,WAAW,IAAI,IAAI,IAAI,CAAC;AAC9B,QAAO,qBAAqB,MAAK,OAAM,OAAO,SAAS;;;;;;;;;AAUzD,SAAgB,sBAAsB,KAA4B;AAChE,KAAI,CAAC,WAAW,IAAI,CAClB,QAAO;CAET,MAAM,WAAW,IAAI,IAAI,IAAI,CAAC;AAC9B,QAAO,sBAAsB,MAAK,OAAM,OAAO,SAAS;;;;;;;;;;AAW1D,SAAgB,aAAa,MAAgD;AAC3E,KAAI,CAAC,QAAQ,KAAK,MAAM,KAAK,GAC3B,QAAO;AAIT,KAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,CACtE,QAAO;AAIT,KAAI,CAAC,KAAK,SAAS,IAAI,CACrB,QAAO;AAIT,KAAI;AAEF,MAAI,sBADQ,IAAI,IAAI,KAAK,CACK,CAC5B,QAAO;AAET,SAAO;SACD;AAGN,SAAO;;;AAIX,MAAa,oBAAoB,SAAuB;AACtD,QAAO,IAAI,IAAI,MAAM,eAAe,CAAC,KAAK,WAAW,KAAK;;;;;;;;;;;;;AAc5D,MAAa,wBAAwB,SAA4B;CAC/D,MAAM,MAAM,IAAI,IAAI,KAAK;AAEzB,KAAI,CAAC,iBAAiB,IAAI,CACxB,QAAO;CAGT,MAAM,cAAc,IAAI,IAAI,IAAI,KAAK,QAAQ,MAAM,IAAI,EAAE,IAAI,KAAK;CAClE,MAAM,iBAAiB,CAAC,IAAI,UAAU,YAAY,SAAS,CACxD,KAAI,MAAK,EAAE,MAAM,IAAI,CAAC,CACtB,MAAM,CACN,OAAO,QAAQ,CACf,KAAK,IAAI;CAEZ,MAAM,YAAY,IAAI,IAAI,gBAAgB,IAAI,OAAO;AAErD,KAAI,aAAa,SAAS,KAAK,QAAQ;AACrC,YAAU,aAAa,IAAI,KAAK,IAAI;GACpC;AAEF,aAAY,aAAa,SAAS,KAAK,QAAQ;AAC7C,YAAU,aAAa,IAAI,KAAK,IAAI;GACpC;AAEF,QAAO;;AAGT,MAAa,oBAAoB,aAAqB;AACpD,QAAO,SAAS,QAAQ,yBAAyB,GAAG;;AAGtD,MAAMG,wCAAkD,CACtD,mBACD;AAED,MAAMC,sCAAgD;CACpD;CACA;CACA;CACA;CACD;AAED,SAAgB,+BAA+B,aAAqB,aAA8B;CAChG,MAAM,MAAM,IAAI,IAAI,aAAa,eAAe;CAChD,MAAM,OAAO,IAAI;CAEjB,MAAM,8BACJ,sCAAsC,SAAS,KAAK,IAAI,oCAAoC,SAAS,KAAK;AAC5G,QAAO,gBAAgB,IAAI,QAAQ;;AAGrC,SAAgB,kBAAkB,aAA8B;CAC9D,MAAM,MAAM,IAAI,IAAI,aAAa,eAAe;AAChD,QAAO,sCAAsC,SAAS,IAAI,SAAS;;AAGrE,MAAa,qBACV,wBAA4D,mBAA2B,SAAuB;CAC7G,IAAI,MAAM;AACV,KAAI,OAAO,QAAQ,SACjB,OAAM,sBAAsB,KAAK,cAAc;AAGjD,KAAI,CAAC,uBACH,QAAO;CAGT,MAAM,eAAe,kBAAkB,IAAI;CAE3C,MAAM,YACJ,CAAC,iBAAiB,IAAI,KACrB,gBACC,uBACG,KAAI,WAAW,OAAO,WAAW,WAAWC,oBAAM,SAAS,kBAAkB,OAAO,CAAC,GAAG,OAAQ,CAChG,MAAK,WAAU,OAAO,KAAK,kBAAkB,IAAI,OAAO,CAAC,CAAC;AAEjE,KAAI,CAAC,UACH,uBAAO,SACL,uBAAuB,IAAI,yFAC5B;AAEH,QAAO;;AAGX,SAAgB,6BACd,wBACA,aACA,cACiC;AACjC,KAAI,MAAM,QAAQ,uBAAuB,IAAI,CAAC,CAAC,uBAAuB,OACpE,QAAO;CAGT,MAAMC,UAAoB,EAAE;AAC5B,KAAI,OAAO,WAAW,eAAe,CAAC,CAAC,OAAO,SAC5C,SAAQ,KAAK,OAAO,SAAS,OAAO;AAGtC,SAAQ,KAAK,WAAW,8BAA8B,YAAY,GAAG;AACrE,SAAQ,KAAK,aAAa,8BAA8B,YAAY,GAAG;AAEvE,KAAI,iBAAiB,cACnB,SAAQ,KAAK,WAAW,cAAc;AAGxC,QAAO"}
+{"version":3,"file":"url-De4o_RSN.js","names":["createDevOrStagingUrlCache","isLegacyDevAccountPortalOrigin","isCurrentDevAccountPortalOrigin","camelToSnake","joinPaths","getQueryParams","frontendApiRedirectPathsWithUserInput: string[]","frontendApiRedirectPathsNoUserInput: string[]","globs","origins: string[]"],"sources":["../../src/internal/clerk-js/url.ts"],"sourcesContent":["import { globs } from '../../globs';\nimport { createDevOrStagingUrlCache } from '../../keys';\nimport { logger } from '../../logger';\nimport type { SignUpResource } from '../../types';\nimport { camelToSnake } from '../../underscore';\nimport { isCurrentDevAccountPortalOrigin, isLegacyDevAccountPortalOrigin } from '../../url';\nimport { joinPaths } from './path';\nimport { getQueryParams } from './querystring';\n\ndeclare global {\n  export interface Window {\n    tldts: {\n      getDomain(hostname: string, { allowPrivateDomains }: { allowPrivateDomains: boolean }): string;\n    };\n  }\n}\n\n// This is used as a dummy base when we need to invoke \"new URL()\" but we don't care about the URL origin.\nconst DUMMY_URL_BASE = 'http://clerk-dummy';\n\nconst BANNED_URI_PROTOCOLS = ['javascript:'] as const;\n\n// Protocols that are dangerous specifically for href attributes in links\nconst BANNED_HREF_PROTOCOLS = ['javascript:', 'data:', 'vbscript:', 'blob:'] as const;\n\nconst { isDevOrStagingUrl } = createDevOrStagingUrlCache();\nexport { isDevOrStagingUrl };\nconst accountPortalCache = new Map<string, boolean>();\n\nexport function isDevAccountPortalOrigin(hostname: string = window.location.hostname): boolean {\n  if (!hostname) {\n    return false;\n  }\n\n  let res = accountPortalCache.get(hostname);\n\n  if (res === undefined) {\n    res = isLegacyDevAccountPortalOrigin(hostname) || isCurrentDevAccountPortalOrigin(hostname);\n    accountPortalCache.set(hostname, res);\n  }\n\n  return res;\n}\n\nexport function getETLDPlusOneFromFrontendApi(frontendApi: string): string {\n  return frontendApi.replace('clerk.', '');\n}\n\ninterface BuildURLParams extends Partial<URL> {\n  base?: string;\n  hashPath?: string;\n  hashSearch?: string;\n  hashSearchParams?: URLSearchParams | Record<string, string> | Array<URLSearchParams | Record<string, string>>;\n}\n\ninterface BuildURLOptions<T> {\n  skipOrigin?: boolean;\n  stringify?: T;\n}\n\n/**\n *\n * buildURL(params: URLParams, options: BuildURLOptions): string\n *\n * Builds a URL safely by using the native URL() constructor. It can\n * also build a secondary path and search URL that lives inside the hash\n * of the main URL. For example:\n *\n * https://foo.com/bar?qux=42#/hash-bar?hash-qux=42\n *\n * References:\n * https://developer.mozilla.org/en-US/docs/Web/API/URL\n *\n * @param params\n * @param options\n * @returns Returns the URL href\n */\nexport function buildURL<B extends boolean>(\n  params: BuildURLParams,\n  options?: BuildURLOptions<B>,\n): B extends true ? string : URL;\n\nexport function buildURL(params: BuildURLParams, options: BuildURLOptions<boolean> = {}): URL | string {\n  const { base, hashPath, hashSearch, searchParams, hashSearchParams, ...rest } = params;\n\n  let fallbackBase = '';\n  // This check is necessary for React native environments where window is undefined.\n  // TODO: Refactor all window and document usages in clerk-js and import them from\n  // a single file that will be mocked easily in React native environments.\n  if (typeof window !== 'undefined' && !!window.location) {\n    fallbackBase = window.location.href;\n  } else {\n    fallbackBase = 'http://react-native-fake-base-url';\n  }\n\n  const url = new URL(base || '', fallbackBase);\n\n  // Properly copy URLSearchParams\n  if (searchParams instanceof URLSearchParams) {\n    searchParams.forEach((value, key) => {\n      if (value !== null && value !== undefined) {\n        url.searchParams.set(camelToSnake(key), value);\n      }\n    });\n  }\n\n  Object.assign(url, rest);\n\n  // Treat that hash part of the main URL as if it's another URL with a pathname and a search.\n  // Another nested hash inside the top level hash (e.g. #my-hash#my-second-hash) is currently\n  // not supported as there is no use case for it yet.\n  if (hashPath || hashSearch || hashSearchParams) {\n    // Parse the hash to a URL object\n    const dummyUrlForHash = new URL(DUMMY_URL_BASE + url.hash.substring(1));\n\n    // Join the current hash path and with the provided one\n    dummyUrlForHash.pathname = joinPaths(dummyUrlForHash.pathname, hashPath || '');\n\n    // Merge search params from hashSearch string\n    const searchParamsFromHashSearchString = getQueryParams(hashSearch || '');\n    for (const [key, val] of Object.entries(searchParamsFromHashSearchString)) {\n      dummyUrlForHash.searchParams.append(key, val);\n    }\n\n    // Merge search params from the hashSearchParams object\n    if (hashSearchParams) {\n      const paramsArr = Array.isArray(hashSearchParams) ? hashSearchParams : [hashSearchParams];\n      for (const _params of paramsArr) {\n        if (!(_params instanceof URLSearchParams) && typeof _params !== 'object') {\n          continue;\n        }\n        const params = new URLSearchParams(_params);\n        params.forEach((value, key) => {\n          if (value !== null && value !== undefined) {\n            dummyUrlForHash.searchParams.set(camelToSnake(key), value);\n          }\n        });\n      }\n    }\n\n    // Keep just the pathname and the  search\n    const newHash = dummyUrlForHash.href.replace(DUMMY_URL_BASE, '');\n\n    // if the hash is `/`, it means that nothing new was added to the hash\n    // so we can skip assigning it to the hash of the main url\n    if (newHash !== '/') {\n      // Assign them to the hash of the main url\n      url.hash = newHash;\n    }\n  }\n\n  const { stringify, skipOrigin } = options;\n  if (stringify) {\n    return skipOrigin ? url.href.replace(url.origin, '') : url.href;\n  }\n  return url;\n}\n\nexport function toURL(url: string | URL): URL {\n  return new URL(url.toString(), window.location.origin);\n}\n\n/**\n *\n * stripOrigin(url: URL | string): string\n *\n * Strips the origin part of a URL and preserves path, search and hash is applicable\n *\n * References:\n * https://developer.mozilla.org/en-US/docs/Web/API/URL\n *\n * @param url\n * @returns Returns the URL href without the origin\n */\nexport function stripOrigin(url: URL | string): string {\n  // In non-browser environments `window.location.origin` might not be available\n  // if not polyfilled, so we can't construct a URL object with the `url` string\n  // note: in that case, we can't easily strip the origin, so we return the original string\n  if (typeof window.location === 'undefined' && typeof url === 'string') {\n    return url;\n  }\n\n  url = toURL(url);\n  return url.href.replace(url.origin, '');\n}\n\n/**\n * trimTrailingSlash(path: string): string\n *\n * Strips the trailing slashes from a string\n *\n * @returns Returns the string without trailing slashes\n *\n * @param path\n */\nexport const trimTrailingSlash = (path: string): string => {\n  return (path || '').replace(/\\/+$/, '');\n};\n\n/**\n * trimLeadingSlash(path: string): string\n *\n * Strips the leading slashes from a string\n *\n * @returns Returns the string without leading slashes\n *\n * @param path\n */\nexport const trimLeadingSlash = (path: string): string => {\n  return (path || '').replace(/^\\/+/, '');\n};\n\nexport const hasExternalAccountSignUpError = (signUp: SignUpResource): boolean => {\n  const { externalAccount } = signUp.verifications;\n  return !!externalAccount.error;\n};\n\nexport function getSearchParameterFromHash({\n  hash = window.location.hash,\n  paramName,\n}: {\n  hash?: string;\n  paramName: string;\n}) {\n  const h = hash.startsWith('#') ? hash.substring(1) : hash;\n  const dummyUrlForHash = new URL(h, DUMMY_URL_BASE);\n  return dummyUrlForHash.searchParams.get(paramName);\n}\n\nexport function isValidUrl(val: string | URL | undefined | null): boolean {\n  if (!val) {\n    return false;\n  }\n\n  try {\n    new URL(val as string);\n    return true;\n  } catch {\n    return false;\n  }\n}\n\nexport function relativeToAbsoluteUrl(url: string, origin: string | URL): URL {\n  try {\n    return new URL(url);\n  } catch {\n    return new URL(url, origin);\n  }\n}\n\n// Regular expression to detect disallowed patterns\nconst disallowedPatterns = [\n  /\\0/, // Null bytes\n  /^\\/\\//, // Protocol-relative\n  // eslint-disable-next-line no-control-regex\n  /[\\x00-\\x1F]/, // Control characters\n];\n\n/**\n * Check for potentially problematic URLs that could have been crafted to intentionally bypass the origin check. Note that the URLs passed to this\n * function are assumed to be from an \"allowed origin\", so we are not executing origin-specific checks here.\n */\nexport function isProblematicUrl(url: URL): boolean {\n  if (hasBannedProtocol(url)) {\n    return true;\n  }\n  // Check against disallowed patterns\n  for (const pattern of disallowedPatterns) {\n    if (pattern.test(url.pathname)) {\n      return true;\n    }\n  }\n\n  return false;\n}\n\nexport function isDataUri(val?: string): val is string {\n  if (!val || !isValidUrl(val)) {\n    return false;\n  }\n\n  return new URL(val).protocol === 'data:';\n}\n\n/**\n * Checks if a URL uses javascript: protocol.\n * This prevents some XSS attacks through javascript: URLs.\n *\n * IMPORTANT: This does not check for `data:` or other protocols which\n * are dangerous if used for links or setting the window location.\n *\n * @param val - The URL to check\n * @returns True if the URL contains a banned protocol, false otherwise\n */\nexport function hasBannedProtocol(val: string | URL) {\n  if (!isValidUrl(val)) {\n    return false;\n  }\n  const protocol = new URL(val).protocol;\n  return BANNED_URI_PROTOCOLS.some(bp => bp === protocol);\n}\n\n/**\n * Checks if a URL contains a banned protocol for href attributes in links.\n * This prevents some XSS attacks through javascript:, data:, vbscript:, and blob: URLs.\n *\n * @param val - The URL to check\n * @returns True if the URL contains a banned protocol, false otherwise\n */\nexport function hasBannedHrefProtocol(val: string | URL): boolean {\n  if (!isValidUrl(val)) {\n    return false;\n  }\n  const protocol = new URL(val).protocol;\n  return BANNED_HREF_PROTOCOLS.some(bp => bp === protocol);\n}\n\n/**\n * Sanitizes an href value by checking for dangerous protocols.\n * Returns null if the href contains a dangerous protocol, otherwise returns the original href.\n * This prevents some XSS attacks through javascript:, data:, vbscript:, and blob: URLs.\n *\n * @param href - The href value to sanitize\n * @returns The sanitized href or null if dangerous\n */\nexport function sanitizeHref(href: string | undefined | null): string | null {\n  if (!href || href.trim() === '') {\n    return null;\n  }\n\n  // For relative URLs (starting with / or # or ?), allow them through\n  if (href.startsWith('/') || href.startsWith('#') || href.startsWith('?')) {\n    return href;\n  }\n\n  // For relative URLs without leading slash, allow them through\n  if (!href.includes(':')) {\n    return href;\n  }\n\n  // Check if it's a valid URL with a dangerous protocol\n  try {\n    const url = new URL(href);\n    if (hasBannedHrefProtocol(url)) {\n      return null;\n    }\n    return href;\n  } catch {\n    // If URL parsing fails, it's likely a relative URL or malformed\n    // Allow relative URLs through, but be cautious with malformed ones\n    return href;\n  }\n}\n\nexport const hasUrlInFragment = (_url: URL | string) => {\n  return new URL(_url, DUMMY_URL_BASE).hash.startsWith('#/');\n};\n\n/**\n * Creates a new URL by merging a fragment-based URL, if found.\n * The result URL has the original and the fragment pathnames appended\n * and also includes all search params from both places.\n *\n * @example\n * ```ts\n * mergeFragmentIntoUrl('https://accounts.clerk.com/sign-in?user_param=hello#/verify/factor-one?redirect_url=/protected')\n * // Returns: 'https://accounts.clerk.com/sign-in/verify/factor-one?user_param=hello&redirect_url=/protected'\n * ```\n */\nexport const mergeFragmentIntoUrl = (_url: string | URL): URL => {\n  const url = new URL(_url);\n\n  if (!hasUrlInFragment(url)) {\n    return url;\n  }\n\n  const fragmentUrl = new URL(url.hash.replace('#/', '/'), url.href);\n  const mergedPathname = [url.pathname, fragmentUrl.pathname]\n    .map(s => s.split('/'))\n    .flat()\n    .filter(Boolean)\n    .join('/');\n\n  const mergedUrl = new URL(mergedPathname, url.origin);\n\n  url.searchParams.forEach((val, key) => {\n    mergedUrl.searchParams.set(key, val);\n  });\n\n  fragmentUrl.searchParams.forEach((val, key) => {\n    mergedUrl.searchParams.set(key, val);\n  });\n\n  return mergedUrl;\n};\n\nexport const pathFromFullPath = (fullPath: string) => {\n  return fullPath.replace(/CLERK-ROUTER\\/(.*?)\\//, '');\n};\n\nconst frontendApiRedirectPathsWithUserInput: string[] = [\n  '/oauth/authorize', // OAuth2 identify provider flow\n];\n\nconst frontendApiRedirectPathsNoUserInput: string[] = [\n  '/v1/verify', // magic links\n  '/v1/tickets/accept', // ticket flow\n  '/oauth/authorize-with-immediate-redirect', // OAuth 2 identity provider\n  '/oauth/end_session', // OIDC logout\n];\n\nexport function isRedirectForFAPIInitiatedFlow(frontendApi: string, redirectUrl: string): boolean {\n  const url = new URL(redirectUrl, DUMMY_URL_BASE);\n  const path = url.pathname;\n\n  const isValidFrontendRedirectPath =\n    frontendApiRedirectPathsWithUserInput.includes(path) || frontendApiRedirectPathsNoUserInput.includes(path);\n  return frontendApi === url.host && isValidFrontendRedirectPath;\n}\n\nexport function requiresUserInput(redirectUrl: string): boolean {\n  const url = new URL(redirectUrl, DUMMY_URL_BASE);\n  return frontendApiRedirectPathsWithUserInput.includes(url.pathname);\n}\n\nexport const isAllowedRedirect =\n  (allowedRedirectOrigins: Array<string | RegExp> | undefined, currentOrigin: string) => (_url: URL | string) => {\n    let url = _url;\n    if (typeof url === 'string') {\n      url = relativeToAbsoluteUrl(url, currentOrigin);\n    }\n\n    if (!allowedRedirectOrigins) {\n      return true;\n    }\n\n    const isSameOrigin = currentOrigin === url.origin;\n\n    const isAllowed =\n      !isProblematicUrl(url) &&\n      (isSameOrigin ||\n        allowedRedirectOrigins\n          .map(origin => (typeof origin === 'string' ? globs.toRegexp(trimTrailingSlash(origin)) : origin))\n          .some(origin => origin.test(trimTrailingSlash(url.origin))));\n\n    if (!isAllowed) {\n      logger.warnOnce(\n        `Clerk: Redirect URL ${url} is not on one of the allowedRedirectOrigins, falling back to the default redirect URL.`,\n      );\n    }\n    return isAllowed;\n  };\n\nexport function createAllowedRedirectOrigins(\n  allowedRedirectOrigins: Array<string | RegExp> | undefined,\n  frontendApi: string,\n  instanceType?: string,\n): (string | RegExp)[] | undefined {\n  if (Array.isArray(allowedRedirectOrigins) && !!allowedRedirectOrigins.length) {\n    return allowedRedirectOrigins;\n  }\n\n  const origins: string[] = [];\n  if (typeof window !== 'undefined' && !!window.location) {\n    origins.push(window.location.origin);\n  }\n\n  origins.push(`https://${getETLDPlusOneFromFrontendApi(frontendApi)}`);\n  origins.push(`https://*.${getETLDPlusOneFromFrontendApi(frontendApi)}`);\n\n  if (instanceType === 'development') {\n    origins.push(`https://${frontendApi}`);\n  }\n\n  return origins;\n}\n"],"mappings":";;;;;;;;;AAkBA,MAAM,iBAAiB;AAEvB,MAAM,uBAAuB,CAAC,cAAc;AAG5C,MAAM,wBAAwB;CAAC;CAAe;CAAS;CAAa;CAAQ;AAE5E,MAAM,EAAE,sBAAsBA,yCAA4B;AAE1D,MAAM,qCAAqB,IAAI,KAAsB;AAErD,SAAgB,yBAAyB,WAAmB,OAAO,SAAS,UAAmB;AAC7F,KAAI,CAAC,SACH,QAAO;CAGT,IAAI,MAAM,mBAAmB,IAAI,SAAS;AAE1C,KAAI,QAAQ,QAAW;AACrB,QAAMC,2CAA+B,SAAS,IAAIC,4CAAgC,SAAS;AAC3F,qBAAmB,IAAI,UAAU,IAAI;;AAGvC,QAAO;;AAGT,SAAgB,8BAA8B,aAA6B;AACzE,QAAO,YAAY,QAAQ,UAAU,GAAG;;AAqC1C,SAAgB,SAAS,QAAwB,UAAoC,EAAE,EAAgB;CACrG,MAAM,EAAE,MAAM,UAAU,YAAY,cAAc,iBAAkB,GAAG,SAAS;CAEhF,IAAI,eAAe;AAInB,KAAI,OAAO,WAAW,eAAe,CAAC,CAAC,OAAO,SAC5C,gBAAe,OAAO,SAAS;KAE/B,gBAAe;CAGjB,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI,aAAa;AAG7C,KAAI,wBAAwB,gBAC1B,cAAa,SAAS,OAAO,QAAQ;AACnC,MAAI,UAAU,QAAQ,UAAU,OAC9B,KAAI,aAAa,IAAIC,gCAAa,IAAI,EAAE,MAAM;GAEhD;AAGJ,QAAO,OAAO,KAAK,KAAK;AAKxB,KAAI,YAAY,cAAc,kBAAkB;EAE9C,MAAM,kBAAkB,IAAI,IAAI,iBAAiB,IAAI,KAAK,UAAU,EAAE,CAAC;AAGvE,kBAAgB,WAAWC,uBAAU,gBAAgB,UAAU,YAAY,GAAG;EAG9E,MAAM,mCAAmCC,mCAAe,cAAc,GAAG;AACzE,OAAK,MAAM,CAAC,KAAK,QAAQ,OAAO,QAAQ,iCAAiC,CACvE,iBAAgB,aAAa,OAAO,KAAK,IAAI;AAI/C,MAAI,kBAAkB;GACpB,MAAM,YAAY,MAAM,QAAQ,iBAAiB,GAAG,mBAAmB,CAAC,iBAAiB;AACzF,QAAK,MAAM,WAAW,WAAW;AAC/B,QAAI,EAAE,mBAAmB,oBAAoB,OAAO,YAAY,SAC9D;AAGF,IADe,IAAI,gBAAgB,QAAQ,CACpC,SAAS,OAAO,QAAQ;AAC7B,SAAI,UAAU,QAAQ,UAAU,OAC9B,iBAAgB,aAAa,IAAIF,gCAAa,IAAI,EAAE,MAAM;MAE5D;;;EAKN,MAAM,UAAU,gBAAgB,KAAK,QAAQ,gBAAgB,GAAG;AAIhE,MAAI,YAAY,IAEd,KAAI,OAAO;;CAIf,MAAM,EAAE,WAAW,eAAe;AAClC,KAAI,UACF,QAAO,aAAa,IAAI,KAAK,QAAQ,IAAI,QAAQ,GAAG,GAAG,IAAI;AAE7D,QAAO;;AAGT,SAAgB,MAAM,KAAwB;AAC5C,QAAO,IAAI,IAAI,IAAI,UAAU,EAAE,OAAO,SAAS,OAAO;;;;;;;;;;;;;;AAexD,SAAgB,YAAY,KAA2B;AAIrD,KAAI,OAAO,OAAO,aAAa,eAAe,OAAO,QAAQ,SAC3D,QAAO;AAGT,OAAM,MAAM,IAAI;AAChB,QAAO,IAAI,KAAK,QAAQ,IAAI,QAAQ,GAAG;;;;;;;;;;;AAYzC,MAAa,qBAAqB,SAAyB;AACzD,SAAQ,QAAQ,IAAI,QAAQ,QAAQ,GAAG;;;;;;;;;;;AAYzC,MAAa,oBAAoB,SAAyB;AACxD,SAAQ,QAAQ,IAAI,QAAQ,QAAQ,GAAG;;AAGzC,MAAa,iCAAiC,WAAoC;CAChF,MAAM,EAAE,oBAAoB,OAAO;AACnC,QAAO,CAAC,CAAC,gBAAgB;;AAG3B,SAAgB,2BAA2B,EACzC,OAAO,OAAO,SAAS,MACvB,aAIC;CACD,MAAM,IAAI,KAAK,WAAW,IAAI,GAAG,KAAK,UAAU,EAAE,GAAG;AAErD,QADwB,IAAI,IAAI,GAAG,eAAe,CAC3B,aAAa,IAAI,UAAU;;AAGpD,SAAgB,WAAW,KAA+C;AACxE,KAAI,CAAC,IACH,QAAO;AAGT,KAAI;AACF,MAAI,IAAI,IAAc;AACtB,SAAO;SACD;AACN,SAAO;;;AAIX,SAAgB,sBAAsB,KAAa,QAA2B;AAC5E,KAAI;AACF,SAAO,IAAI,IAAI,IAAI;SACb;AACN,SAAO,IAAI,IAAI,KAAK,OAAO;;;AAK/B,MAAM,qBAAqB;CACzB;CACA;CAEA;CACD;;;;;AAMD,SAAgB,iBAAiB,KAAmB;AAClD,KAAI,kBAAkB,IAAI,CACxB,QAAO;AAGT,MAAK,MAAM,WAAW,mBACpB,KAAI,QAAQ,KAAK,IAAI,SAAS,CAC5B,QAAO;AAIX,QAAO;;AAGT,SAAgB,UAAU,KAA6B;AACrD,KAAI,CAAC,OAAO,CAAC,WAAW,IAAI,CAC1B,QAAO;AAGT,QAAO,IAAI,IAAI,IAAI,CAAC,aAAa;;;;;;;;;;;;AAanC,SAAgB,kBAAkB,KAAmB;AACnD,KAAI,CAAC,WAAW,IAAI,CAClB,QAAO;CAET,MAAM,WAAW,IAAI,IAAI,IAAI,CAAC;AAC9B,QAAO,qBAAqB,MAAK,OAAM,OAAO,SAAS;;;;;;;;;AAUzD,SAAgB,sBAAsB,KAA4B;AAChE,KAAI,CAAC,WAAW,IAAI,CAClB,QAAO;CAET,MAAM,WAAW,IAAI,IAAI,IAAI,CAAC;AAC9B,QAAO,sBAAsB,MAAK,OAAM,OAAO,SAAS;;;;;;;;;;AAW1D,SAAgB,aAAa,MAAgD;AAC3E,KAAI,CAAC,QAAQ,KAAK,MAAM,KAAK,GAC3B,QAAO;AAIT,KAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,CACtE,QAAO;AAIT,KAAI,CAAC,KAAK,SAAS,IAAI,CACrB,QAAO;AAIT,KAAI;AAEF,MAAI,sBADQ,IAAI,IAAI,KAAK,CACK,CAC5B,QAAO;AAET,SAAO;SACD;AAGN,SAAO;;;AAIX,MAAa,oBAAoB,SAAuB;AACtD,QAAO,IAAI,IAAI,MAAM,eAAe,CAAC,KAAK,WAAW,KAAK;;;;;;;;;;;;;AAc5D,MAAa,wBAAwB,SAA4B;CAC/D,MAAM,MAAM,IAAI,IAAI,KAAK;AAEzB,KAAI,CAAC,iBAAiB,IAAI,CACxB,QAAO;CAGT,MAAM,cAAc,IAAI,IAAI,IAAI,KAAK,QAAQ,MAAM,IAAI,EAAE,IAAI,KAAK;CAClE,MAAM,iBAAiB,CAAC,IAAI,UAAU,YAAY,SAAS,CACxD,KAAI,MAAK,EAAE,MAAM,IAAI,CAAC,CACtB,MAAM,CACN,OAAO,QAAQ,CACf,KAAK,IAAI;CAEZ,MAAM,YAAY,IAAI,IAAI,gBAAgB,IAAI,OAAO;AAErD,KAAI,aAAa,SAAS,KAAK,QAAQ;AACrC,YAAU,aAAa,IAAI,KAAK,IAAI;GACpC;AAEF,aAAY,aAAa,SAAS,KAAK,QAAQ;AAC7C,YAAU,aAAa,IAAI,KAAK,IAAI;GACpC;AAEF,QAAO;;AAGT,MAAa,oBAAoB,aAAqB;AACpD,QAAO,SAAS,QAAQ,yBAAyB,GAAG;;AAGtD,MAAMG,wCAAkD,CACtD,mBACD;AAED,MAAMC,sCAAgD;CACpD;CACA;CACA;CACA;CACD;AAED,SAAgB,+BAA+B,aAAqB,aAA8B;CAChG,MAAM,MAAM,IAAI,IAAI,aAAa,eAAe;CAChD,MAAM,OAAO,IAAI;CAEjB,MAAM,8BACJ,sCAAsC,SAAS,KAAK,IAAI,oCAAoC,SAAS,KAAK;AAC5G,QAAO,gBAAgB,IAAI,QAAQ;;AAGrC,SAAgB,kBAAkB,aAA8B;CAC9D,MAAM,MAAM,IAAI,IAAI,aAAa,eAAe;AAChD,QAAO,sCAAsC,SAAS,IAAI,SAAS;;AAGrE,MAAa,qBACV,wBAA4D,mBAA2B,SAAuB;CAC7G,IAAI,MAAM;AACV,KAAI,OAAO,QAAQ,SACjB,OAAM,sBAAsB,KAAK,cAAc;AAGjD,KAAI,CAAC,uBACH,QAAO;CAGT,MAAM,eAAe,kBAAkB,IAAI;CAE3C,MAAM,YACJ,CAAC,iBAAiB,IAAI,KACrB,gBACC,uBACG,KAAI,WAAW,OAAO,WAAW,WAAWC,oBAAM,SAAS,kBAAkB,OAAO,CAAC,GAAG,OAAQ,CAChG,MAAK,WAAU,OAAO,KAAK,kBAAkB,IAAI,OAAO,CAAC,CAAC;AAEjE,KAAI,CAAC,UACH,uBAAO,SACL,uBAAuB,IAAI,yFAC5B;AAEH,QAAO;;AAGX,SAAgB,6BACd,wBACA,aACA,cACiC;AACjC,KAAI,MAAM,QAAQ,uBAAuB,IAAI,CAAC,CAAC,uBAAuB,OACpE,QAAO;CAGT,MAAMC,UAAoB,EAAE;AAC5B,KAAI,OAAO,WAAW,eAAe,CAAC,CAAC,OAAO,SAC5C,SAAQ,KAAK,OAAO,SAAS,OAAO;AAGtC,SAAQ,KAAK,WAAW,8BAA8B,YAAY,GAAG;AACrE,SAAQ,KAAK,aAAa,8BAA8B,YAAY,GAAG;AAEvE,KAAI,iBAAiB,cACnB,SAAQ,KAAK,WAAW,cAAc;AAGxC,QAAO"}

package/dist/runtime/{url-oznSXRUO.d.ts → url-DnBrs0FC.d.ts}

@@ -1,4 +1,4 @@
-import { qn as SignUpResource } from "./index-C32ntfvR.js";
+import { Jn as SignUpResource } from "./index-BZAgbf9u.js";
 
 //#region src/internal/clerk-js/url.d.ts
 declare global {
@@ -141,4 +141,4 @@ declare const isAllowedRedirect: (allowedRedirectOrigins: Array<string | RegExp>
 declare function createAllowedRedirectOrigins(allowedRedirectOrigins: Array<string | RegExp> | undefined, frontendApi: string, instanceType?: string): (string | RegExp)[] | undefined;
 //#endregion
 export { trimLeadingSlash as C, toURL as S, pathFromFullPath as _, hasBannedHrefProtocol as a, sanitizeHref as b, hasUrlInFragment as c, isDevAccountPortalOrigin as d, isDevOrStagingUrl as f, mergeFragmentIntoUrl as g, isValidUrl as h, getSearchParameterFromHash as i, isAllowedRedirect as l, isRedirectForFAPIInitiatedFlow as m, createAllowedRedirectOrigins as n, hasBannedProtocol as o, isProblematicUrl as p, getETLDPlusOneFromFrontendApi as r, hasExternalAccountSignUpError as s, buildURL as t, isDataUri as u, relativeToAbsoluteUrl as v, trimTrailingSlash as w, stripOrigin as x, requiresUserInput as y };
-//# sourceMappingURL=url-oznSXRUO.d.ts.map
+//# sourceMappingURL=url-DnBrs0FC.d.ts.map

package/dist/runtime/{url-oznSXRUO.d.ts.map → url-DnBrs0FC.d.ts.map}

@@ -1 +1 @@
-{"version":3,"file":"url-oznSXRUO.d.ts","names":[],"sources":["../../src/internal/clerk-js/url.ts"],"sourcesContent":[],"mappings":";;;;;IAGkD,KAAA,EAAA;MAAA,SAAA,CAAA,QAAA,EAAA,MAAA,EAAA;QAAA;MASK,CATL,EAAA;QASd,mBAAmB,EAAA,OAAA;MAAA,CAAA,CAAA,EAAA,MAAA;IAAA,CAAA;EAa/C;AAIR;AAeA,cAnBQ,iBAmBQ,EAAA,CAAA,GAA6B,EAAA,MAAA,GAnBpB,GAmBoB,EAAA,GAAA,OAAA;AAIJ,iBAnBzB,wBAAA,CAmByB,QAAA,CAAA,EAAA,MAAA,CAAA,EAAA,OAAA;AAIpB,iBARL,6BAAA,CAQK,WAAA,EAAA,MAAA,CAAA,EAAA,MAAA;UAJX,cAAA,SAAuB,OAIM,CAJE,GAIF,CAAA,CAAA;EAA+B,IAAA,CAAA,EAAA,MAAA;EAAkB,QAAA,CAAA,EAAA,MAAA;EAAxB,UAAA,CAAA,EAAA,MAAA;EAJ/B,gBAAA,CAAA,EAIZ,eAJY,GAIM,MAJN,CAAA,MAAA,EAAA,MAAA,CAAA,GAI+B,KAJ/B,CAIqC,eAJrC,GAIuD,MAJvD,CAAA,MAAA,EAAA,MAAA,CAAA,CAAA;;AAAO,UAO9B,eAAe,CAAA,CAAA,CAAA,CAAA;EAsBT,UAAA,CAAQ,EAAA,OAAA;EACd,SAAA,CAAA,EArBI,CAqBJ;;;;;;AAgFV;AAgBA;AAqBA;AAaA;AAIA;AAKA;AAYA;AAaA;AAoBA;AAcA;AAkBA;AAeA;AAgBA;AA6Ba,iBArRG,QAuRf,CAAA,UAFyC,OAAA,CAAA,CAAA,MAAA,EApRhC,cAoRgC,EAAA,OAAA,CAAA,EAnR9B,eAmR8B,CAnRd,CAmRc,CAAA,CAAA,EAlRvC,CAkRuC,SAAA,IAAA,GAAA,MAAA,GAlRb,GAkRa;AAe7B,iBAnNG,KAAA,CA4Of,GAAA,EAAA,MAzBmD,GAnNhB,GAmNsB,CAAA,EAnNhB,GA4OzC;AAED;AAeA;AASA;AAKA;;;;;AA4BA;;;;AAImB,iBA3RH,WAAA,CA2RG,GAAA,EA3Rc,GA2Rd,GAAA,MAAA,CAAA,EAAA,MAAA;;;;;;;;;;cAtQN;;;;;;;;;;cAaA;cAIA,wCAAyC;iBAKtC,0BAAA;;;;;;;iBAYA,UAAA,eAAyB;iBAazB,qBAAA,+BAAoD,MAAM;;;;;iBAoB1D,gBAAA,MAAsB;iBActB,SAAA;;;;;;;;;;;iBAkBA,iBAAA,eAAgC;;;;;;;;iBAehC,qBAAA,eAAoC;;;;;;;;;iBAgBpC,YAAA;cA6BH,yBAA0B;;;;;;;;;;;;cAe1B,sCAAuC,QAAM;cA2B7C;iBAeG,8BAAA;iBASA,iBAAA;cAKH,4CACc,eAAe,sDAAsD;iBA2BhF,4BAAA,yBACU,eAAe,4EAG5B"}
+{"version":3,"file":"url-DnBrs0FC.d.ts","names":[],"sources":["../../src/internal/clerk-js/url.ts"],"sourcesContent":[],"mappings":";;;;;IAGkD,KAAA,EAAA;MAAA,SAAA,CAAA,QAAA,EAAA,MAAA,EAAA;QAAA;MASK,CATL,EAAA;QASd,mBAAmB,EAAA,OAAA;MAAA,CAAA,CAAA,EAAA,MAAA;IAAA,CAAA;EAa/C;AAIR;AAeA,cAnBQ,iBAmBQ,EAAA,CAAA,GAA6B,EAAA,MAAA,GAnBpB,GAmBoB,EAAA,GAAA,OAAA;AAIJ,iBAnBzB,wBAAA,CAmByB,QAAA,CAAA,EAAA,MAAA,CAAA,EAAA,OAAA;AAIpB,iBARL,6BAAA,CAQK,WAAA,EAAA,MAAA,CAAA,EAAA,MAAA;UAJX,cAAA,SAAuB,OAIM,CAJE,GAIF,CAAA,CAAA;EAA+B,IAAA,CAAA,EAAA,MAAA;EAAkB,QAAA,CAAA,EAAA,MAAA;EAAxB,UAAA,CAAA,EAAA,MAAA;EAJ/B,gBAAA,CAAA,EAIZ,eAJY,GAIM,MAJN,CAAA,MAAA,EAAA,MAAA,CAAA,GAI+B,KAJ/B,CAIqC,eAJrC,GAIuD,MAJvD,CAAA,MAAA,EAAA,MAAA,CAAA,CAAA;;AAAO,UAO9B,eAAe,CAAA,CAAA,CAAA,CAAA;EAsBT,UAAA,CAAQ,EAAA,OAAA;EACd,SAAA,CAAA,EArBI,CAqBJ;;;;;;AAgFV;AAgBA;AAqBA;AAaA;AAIA;AAKA;AAYA;AAaA;AAoBA;AAcA;AAkBA;AAeA;AAgBA;AA6Ba,iBArRG,QAuRf,CAAA,UAFyC,OAAA,CAAA,CAAA,MAAA,EApRhC,cAoRgC,EAAA,OAAA,CAAA,EAnR9B,eAmR8B,CAnRd,CAmRc,CAAA,CAAA,EAlRvC,CAkRuC,SAAA,IAAA,GAAA,MAAA,GAlRb,GAkRa;AAe7B,iBAnNG,KAAA,CA4Of,GAAA,EAAA,MAzBmD,GAnNhB,GAmNsB,CAAA,EAnNhB,GA4OzC;AAED;AAeA;AASA;AAKA;;;;;AA4BA;;;;AAImB,iBA3RH,WAAA,CA2RG,GAAA,EA3Rc,GA2Rd,GAAA,MAAA,CAAA,EAAA,MAAA;;;;;;;;;;cAtQN;;;;;;;;;;cAaA;cAIA,wCAAyC;iBAKtC,0BAAA;;;;;;;iBAYA,UAAA,eAAyB;iBAazB,qBAAA,+BAAoD,MAAM;;;;;iBAoB1D,gBAAA,MAAsB;iBActB,SAAA;;;;;;;;;;;iBAkBA,iBAAA,eAAgC;;;;;;;;iBAehC,qBAAA,eAAoC;;;;;;;;;iBAgBpC,YAAA;cA6BH,yBAA0B;;;;;;;;;;;;cAe1B,sCAAuC,QAAM;cA2B7C;iBAeG,8BAAA;iBASA,iBAAA;cAKH,4CACc,eAAe,sDAAsD;iBA2BhF,4BAAA,yBACU,eAAe,4EAG5B"}

package/dist/runtime/utils/index.d.mts

@@ -1,4 +1,4 @@
-import { t as handleValueOrFn } from "../handleValueOrFn-PpdLgNiN.mjs";
+import { t as handleValueOrFn } from "../handleValueOrFn-DCe6q2n8.mjs";
 
 //#region src/utils/createDeferredPromise.d.ts
 type Callback = (val?: any) => void;

package/dist/runtime/utils/index.js

@@ -3,7 +3,7 @@ const require_handleValueOrFn = require('../handleValueOrFn-lhXrsi6y.js');
 const require_instance = require('../instance-DykLn3Pi.js');
 const require_noop = require('../noop-DEV2Xnb4.js');
 const require_createDeferredPromise = require('../createDeferredPromise-CFgXzt9g.js');
-const require_utils = require('../utils-Cm0NUhek.js');
+const require_utils = require('../utils-JIOtJbTe.js');
 
 exports.allSettled = require_utils.allSettled;
 exports.createDeferredPromise = require_createDeferredPromise.createDeferredPromise;

package/dist/runtime/utils/index.mjs

@@ -3,6 +3,6 @@ import { t as handleValueOrFn } from "../handleValueOrFn-AOTAW6HQ.mjs";
 import { t as isStaging } from "../instance-DniYMiU-.mjs";
 import { t as noop } from "../noop-Dzu7lrge.mjs";
 import { t as createDeferredPromise } from "../createDeferredPromise-DjiBNELG.mjs";
-import { a as allSettled, i as logErrorInDevMode, n as fastDeepMergeAndReplace, r as runIfFunctionOrReturn, t as fastDeepMergeAndKeep } from "../utils-DIVknyRo.mjs";
+import { a as allSettled, i as logErrorInDevMode, n as fastDeepMergeAndReplace, r as runIfFunctionOrReturn, t as fastDeepMergeAndKeep } from "../utils-_GMGltn-.mjs";
 
 export { allSettled, createDeferredPromise, fastDeepMergeAndKeep, fastDeepMergeAndReplace, handleValueOrFn, isDevelopmentEnvironment, isProductionEnvironment, isStaging, isTestEnvironment, logErrorInDevMode, noop, runIfFunctionOrReturn };

package/dist/runtime/{utils-Cm0NUhek.js → utils-JIOtJbTe.js}

@@ -45,7 +45,7 @@ const fastDeepMergeAndReplace = (source, target) => {
 	for (const key in source) if (Object.prototype.hasOwnProperty.call(source, key) && source[key] !== null && typeof source[key] === `object`) {
 		if (target[key] === void 0) target[key] = new (Object.getPrototypeOf(source[key])).constructor();
 		fastDeepMergeAndReplace(source[key], target[key]);
-	} else if (Object.prototype.hasOwnProperty.call(source, key)) target[key] = source[key];
+	} else if (Object.prototype.hasOwnProperty.call(source, key) && source[key] !== void 0) target[key] = source[key];
 };
 const fastDeepMergeAndKeep = (source, target) => {
 	if (!source || !target) return;
@@ -86,4 +86,4 @@ Object.defineProperty(exports, 'runIfFunctionOrReturn', {
     return runIfFunctionOrReturn;
   }
 });
-//# sourceMappingURL=utils-Cm0NUhek.js.map
+//# sourceMappingURL=utils-JIOtJbTe.js.map

package/dist/runtime/utils-JIOtJbTe.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils-JIOtJbTe.js","names":["isDevelopmentEnvironment"],"sources":["../../src/utils/allSettled.ts","../../src/utils/logErrorInDevMode.ts","../../src/utils/runIfFunctionOrReturn.ts","../../src/utils/fastDeepMerge.ts"],"sourcesContent":["/**\n * A ES6 compatible utility that implements `Promise.allSettled`\n *\n * @internal\n */\nexport function allSettled<T>(\n  iterable: Iterable<Promise<T>>,\n): Promise<({ status: 'fulfilled'; value: T } | { status: 'rejected'; reason: any })[]> {\n  const promises = Array.from(iterable).map(p =>\n    p.then(\n      value => ({ status: 'fulfilled', value }) as const,\n      reason => ({ status: 'rejected', reason }) as const,\n    ),\n  );\n  return Promise.all(promises);\n}\n","import { isDevelopmentEnvironment } from './runtimeEnvironment';\n\nexport const logErrorInDevMode = (message: string) => {\n  if (isDevelopmentEnvironment()) {\n    console.error(`Clerk: ${message}`);\n  }\n};\n","/**\n *\n */\nexport function runIfFunctionOrReturn(o: unknown) {\n  if (typeof o === 'function') {\n    return o();\n  }\n  return o;\n}\n","/**\n * Merges 2 objects without creating new object references\n * The merged props will appear on the `target` object\n * If `target` already has a value for a given key it will not be overwritten\n */\nexport const fastDeepMergeAndReplace = (\n  source: Record<any, any> | undefined | null,\n  target: Record<any, any> | undefined | null,\n) => {\n  if (!source || !target) {\n    return;\n  }\n\n  for (const key in source) {\n    if (Object.prototype.hasOwnProperty.call(source, key) && source[key] !== null && typeof source[key] === `object`) {\n      if (target[key] === undefined) {\n        target[key] = new (Object.getPrototypeOf(source[key]).constructor)();\n      }\n      fastDeepMergeAndReplace(source[key], target[key]);\n    } else if (Object.prototype.hasOwnProperty.call(source, key) && source[key] !== undefined) {\n      target[key] = source[key];\n    }\n  }\n};\n\nexport const fastDeepMergeAndKeep = (\n  source: Record<any, any> | undefined | null,\n  target: Record<any, any> | undefined | null,\n) => {\n  if (!source || !target) {\n    return;\n  }\n\n  for (const key in source) {\n    if (Object.prototype.hasOwnProperty.call(source, key) && source[key] !== null && typeof source[key] === `object`) {\n      if (target[key] === undefined) {\n        target[key] = new (Object.getPrototypeOf(source[key]).constructor)();\n      }\n      fastDeepMergeAndKeep(source[key], target[key]);\n    } else if (Object.prototype.hasOwnProperty.call(source, key) && target[key] === undefined) {\n      target[key] = source[key];\n    }\n  }\n};\n"],"mappings":";;;;;;;;AAKA,SAAgB,WACd,UACsF;CACtF,MAAM,WAAW,MAAM,KAAK,SAAS,CAAC,KAAI,MACxC,EAAE,MACA,WAAU;EAAE,QAAQ;EAAa;EAAO,IACxC,YAAW;EAAE,QAAQ;EAAY;EAAQ,EAC1C,CACF;AACD,QAAO,QAAQ,IAAI,SAAS;;;;;ACZ9B,MAAa,qBAAqB,YAAoB;AACpD,KAAIA,qDAA0B,CAC5B,SAAQ,MAAM,UAAU,UAAU;;;;;;;;ACDtC,SAAgB,sBAAsB,GAAY;AAChD,KAAI,OAAO,MAAM,WACf,QAAO,GAAG;AAEZ,QAAO;;;;;;;;;;ACFT,MAAa,2BACX,QACA,WACG;AACH,KAAI,CAAC,UAAU,CAAC,OACd;AAGF,MAAK,MAAM,OAAO,OAChB,KAAI,OAAO,UAAU,eAAe,KAAK,QAAQ,IAAI,IAAI,OAAO,SAAS,QAAQ,OAAO,OAAO,SAAS,UAAU;AAChH,MAAI,OAAO,SAAS,OAClB,QAAO,OAAO,KAAK,OAAO,eAAe,OAAO,KAAK,EAAC,aAAc;AAEtE,0BAAwB,OAAO,MAAM,OAAO,KAAK;YACxC,OAAO,UAAU,eAAe,KAAK,QAAQ,IAAI,IAAI,OAAO,SAAS,OAC9E,QAAO,OAAO,OAAO;;AAK3B,MAAa,wBACX,QACA,WACG;AACH,KAAI,CAAC,UAAU,CAAC,OACd;AAGF,MAAK,MAAM,OAAO,OAChB,KAAI,OAAO,UAAU,eAAe,KAAK,QAAQ,IAAI,IAAI,OAAO,SAAS,QAAQ,OAAO,OAAO,SAAS,UAAU;AAChH,MAAI,OAAO,SAAS,OAClB,QAAO,OAAO,KAAK,OAAO,eAAe,OAAO,KAAK,EAAC,aAAc;AAEtE,uBAAqB,OAAO,MAAM,OAAO,KAAK;YACrC,OAAO,UAAU,eAAe,KAAK,QAAQ,IAAI,IAAI,OAAO,SAAS,OAC9E,QAAO,OAAO,OAAO"}

package/dist/runtime/{utils-DIVknyRo.mjs → utils-_GMGltn-.mjs}

@@ -45,7 +45,7 @@ const fastDeepMergeAndReplace = (source, target) => {
 	for (const key in source) if (Object.prototype.hasOwnProperty.call(source, key) && source[key] !== null && typeof source[key] === `object`) {
 		if (target[key] === void 0) target[key] = new (Object.getPrototypeOf(source[key])).constructor();
 		fastDeepMergeAndReplace(source[key], target[key]);
-	} else if (Object.prototype.hasOwnProperty.call(source, key)) target[key] = source[key];
+	} else if (Object.prototype.hasOwnProperty.call(source, key) && source[key] !== void 0) target[key] = source[key];
 };
 const fastDeepMergeAndKeep = (source, target) => {
 	if (!source || !target) return;
@@ -57,4 +57,4 @@ const fastDeepMergeAndKeep = (source, target) => {
 
 //#endregion
 export { allSettled as a, logErrorInDevMode as i, fastDeepMergeAndReplace as n, runIfFunctionOrReturn as r, fastDeepMergeAndKeep as t };
-//# sourceMappingURL=utils-DIVknyRo.mjs.map
+//# sourceMappingURL=utils-_GMGltn-.mjs.map

package/dist/runtime/utils-_GMGltn-.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils-_GMGltn-.mjs","names":[],"sources":["../../src/utils/allSettled.ts","../../src/utils/logErrorInDevMode.ts","../../src/utils/runIfFunctionOrReturn.ts","../../src/utils/fastDeepMerge.ts"],"sourcesContent":["/**\n * A ES6 compatible utility that implements `Promise.allSettled`\n *\n * @internal\n */\nexport function allSettled<T>(\n  iterable: Iterable<Promise<T>>,\n): Promise<({ status: 'fulfilled'; value: T } | { status: 'rejected'; reason: any })[]> {\n  const promises = Array.from(iterable).map(p =>\n    p.then(\n      value => ({ status: 'fulfilled', value }) as const,\n      reason => ({ status: 'rejected', reason }) as const,\n    ),\n  );\n  return Promise.all(promises);\n}\n","import { isDevelopmentEnvironment } from './runtimeEnvironment';\n\nexport const logErrorInDevMode = (message: string) => {\n  if (isDevelopmentEnvironment()) {\n    console.error(`Clerk: ${message}`);\n  }\n};\n","/**\n *\n */\nexport function runIfFunctionOrReturn(o: unknown) {\n  if (typeof o === 'function') {\n    return o();\n  }\n  return o;\n}\n","/**\n * Merges 2 objects without creating new object references\n * The merged props will appear on the `target` object\n * If `target` already has a value for a given key it will not be overwritten\n */\nexport const fastDeepMergeAndReplace = (\n  source: Record<any, any> | undefined | null,\n  target: Record<any, any> | undefined | null,\n) => {\n  if (!source || !target) {\n    return;\n  }\n\n  for (const key in source) {\n    if (Object.prototype.hasOwnProperty.call(source, key) && source[key] !== null && typeof source[key] === `object`) {\n      if (target[key] === undefined) {\n        target[key] = new (Object.getPrototypeOf(source[key]).constructor)();\n      }\n      fastDeepMergeAndReplace(source[key], target[key]);\n    } else if (Object.prototype.hasOwnProperty.call(source, key) && source[key] !== undefined) {\n      target[key] = source[key];\n    }\n  }\n};\n\nexport const fastDeepMergeAndKeep = (\n  source: Record<any, any> | undefined | null,\n  target: Record<any, any> | undefined | null,\n) => {\n  if (!source || !target) {\n    return;\n  }\n\n  for (const key in source) {\n    if (Object.prototype.hasOwnProperty.call(source, key) && source[key] !== null && typeof source[key] === `object`) {\n      if (target[key] === undefined) {\n        target[key] = new (Object.getPrototypeOf(source[key]).constructor)();\n      }\n      fastDeepMergeAndKeep(source[key], target[key]);\n    } else if (Object.prototype.hasOwnProperty.call(source, key) && target[key] === undefined) {\n      target[key] = source[key];\n    }\n  }\n};\n"],"mappings":";;;;;;;;AAKA,SAAgB,WACd,UACsF;CACtF,MAAM,WAAW,MAAM,KAAK,SAAS,CAAC,KAAI,MACxC,EAAE,MACA,WAAU;EAAE,QAAQ;EAAa;EAAO,IACxC,YAAW;EAAE,QAAQ;EAAY;EAAQ,EAC1C,CACF;AACD,QAAO,QAAQ,IAAI,SAAS;;;;;ACZ9B,MAAa,qBAAqB,YAAoB;AACpD,KAAI,0BAA0B,CAC5B,SAAQ,MAAM,UAAU,UAAU;;;;;;;;ACDtC,SAAgB,sBAAsB,GAAY;AAChD,KAAI,OAAO,MAAM,WACf,QAAO,GAAG;AAEZ,QAAO;;;;;;;;;;ACFT,MAAa,2BACX,QACA,WACG;AACH,KAAI,CAAC,UAAU,CAAC,OACd;AAGF,MAAK,MAAM,OAAO,OAChB,KAAI,OAAO,UAAU,eAAe,KAAK,QAAQ,IAAI,IAAI,OAAO,SAAS,QAAQ,OAAO,OAAO,SAAS,UAAU;AAChH,MAAI,OAAO,SAAS,OAClB,QAAO,OAAO,KAAK,OAAO,eAAe,OAAO,KAAK,EAAC,aAAc;AAEtE,0BAAwB,OAAO,MAAM,OAAO,KAAK;YACxC,OAAO,UAAU,eAAe,KAAK,QAAQ,IAAI,IAAI,OAAO,SAAS,OAC9E,QAAO,OAAO,OAAO;;AAK3B,MAAa,wBACX,QACA,WACG;AACH,KAAI,CAAC,UAAU,CAAC,OACd;AAGF,MAAK,MAAM,OAAO,OAChB,KAAI,OAAO,UAAU,eAAe,KAAK,QAAQ,IAAI,IAAI,OAAO,SAAS,QAAQ,OAAO,OAAO,SAAS,UAAU;AAChH,MAAI,OAAO,SAAS,OAClB,QAAO,OAAO,KAAK,OAAO,eAAe,OAAO,KAAK,EAAC,aAAc;AAEtE,uBAAqB,OAAO,MAAM,OAAO,KAAK;YACrC,OAAO,UAAU,eAAe,KAAK,QAAQ,IAAI,IAAI,OAAO,SAAS,OAC9E,QAAO,OAAO,OAAO"}

package/dist/runtime/{versionSelector-BCYnlaG9.js → versionSelector-B5q6tBm5.js}

@@ -11,7 +11,7 @@
 * @param packageVersion - The version of `@clerk/clerk-js` that will be used if an explicit version is not provided
 * @returns The npm tag, version or major version to use
 */
-const versionSelector = (clerkJSVersion, packageVersion = "6.0.0-snapshot.v20251217194100") => {
+const versionSelector = (clerkJSVersion, packageVersion = "6.0.0-snapshot.v20251218165926") => {
 	if (clerkJSVersion) return clerkJSVersion;
 	const prereleaseTag = getPrereleaseTag(packageVersion);
 	if (prereleaseTag) {
@@ -36,4 +36,4 @@ Object.defineProperty(exports, 'versionSelector', {
     return versionSelector;
   }
 });
-//# sourceMappingURL=versionSelector-BCYnlaG9.js.map
+//# sourceMappingURL=versionSelector-B5q6tBm5.js.map

package/dist/runtime/{versionSelector-BCYnlaG9.js.map → versionSelector-B5q6tBm5.js.map}

@@ -1 +1 @@
-{"version":3,"file":"versionSelector-BCYnlaG9.js","names":[],"sources":["../../src/versionSelector.ts"],"sourcesContent":["/**\n * This version selector is a bit complicated, so here is the flow:\n * 1. Use the clerkJSVersion prop on the provider\n * 2. Use the exact `@clerk/clerk-js` version if it is a `@snapshot` prerelease\n * 3. Use the prerelease tag of `@clerk/clerk-js` or the packageVersion provided\n * 4. Fallback to the major version of `@clerk/clerk-js` or the packageVersion provided\n *\n * @param clerkJSVersion - The optional clerkJSVersion prop on the provider\n * @param packageVersion - The version of `@clerk/clerk-js` that will be used if an explicit version is not provided\n * @returns The npm tag, version or major version to use\n */\nexport const versionSelector = (clerkJSVersion: string | undefined, packageVersion = JS_PACKAGE_VERSION) => {\n  if (clerkJSVersion) {\n    return clerkJSVersion;\n  }\n\n  const prereleaseTag = getPrereleaseTag(packageVersion);\n  if (prereleaseTag) {\n    if (prereleaseTag === 'snapshot') {\n      return packageVersion;\n    }\n\n    return prereleaseTag;\n  }\n\n  return getMajorVersion(packageVersion);\n};\n\nconst getPrereleaseTag = (packageVersion: string) =>\n  packageVersion\n    .trim()\n    .replace(/^v/, '')\n    .match(/-(.+?)(\\.|$)/)?.[1];\n\nexport const getMajorVersion = (packageVersion: string) => packageVersion.trim().replace(/^v/, '').split('.')[0];\n"],"mappings":";;;;;;;;;;;;;AAWA,MAAa,mBAAmB,gBAAoC,sDAAwC;AAC1G,KAAI,eACF,QAAO;CAGT,MAAM,gBAAgB,iBAAiB,eAAe;AACtD,KAAI,eAAe;AACjB,MAAI,kBAAkB,WACpB,QAAO;AAGT,SAAO;;AAGT,QAAO,gBAAgB,eAAe;;AAGxC,MAAM,oBAAoB,mBACxB,eACG,MAAM,CACN,QAAQ,MAAM,GAAG,CACjB,MAAM,eAAe,GAAG;AAE7B,MAAa,mBAAmB,mBAA2B,eAAe,MAAM,CAAC,QAAQ,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC"}
+{"version":3,"file":"versionSelector-B5q6tBm5.js","names":[],"sources":["../../src/versionSelector.ts"],"sourcesContent":["/**\n * This version selector is a bit complicated, so here is the flow:\n * 1. Use the clerkJSVersion prop on the provider\n * 2. Use the exact `@clerk/clerk-js` version if it is a `@snapshot` prerelease\n * 3. Use the prerelease tag of `@clerk/clerk-js` or the packageVersion provided\n * 4. Fallback to the major version of `@clerk/clerk-js` or the packageVersion provided\n *\n * @param clerkJSVersion - The optional clerkJSVersion prop on the provider\n * @param packageVersion - The version of `@clerk/clerk-js` that will be used if an explicit version is not provided\n * @returns The npm tag, version or major version to use\n */\nexport const versionSelector = (clerkJSVersion: string | undefined, packageVersion = JS_PACKAGE_VERSION) => {\n  if (clerkJSVersion) {\n    return clerkJSVersion;\n  }\n\n  const prereleaseTag = getPrereleaseTag(packageVersion);\n  if (prereleaseTag) {\n    if (prereleaseTag === 'snapshot') {\n      return packageVersion;\n    }\n\n    return prereleaseTag;\n  }\n\n  return getMajorVersion(packageVersion);\n};\n\nconst getPrereleaseTag = (packageVersion: string) =>\n  packageVersion\n    .trim()\n    .replace(/^v/, '')\n    .match(/-(.+?)(\\.|$)/)?.[1];\n\nexport const getMajorVersion = (packageVersion: string) => packageVersion.trim().replace(/^v/, '').split('.')[0];\n"],"mappings":";;;;;;;;;;;;;AAWA,MAAa,mBAAmB,gBAAoC,sDAAwC;AAC1G,KAAI,eACF,QAAO;CAGT,MAAM,gBAAgB,iBAAiB,eAAe;AACtD,KAAI,eAAe;AACjB,MAAI,kBAAkB,WACpB,QAAO;AAGT,SAAO;;AAGT,QAAO,gBAAgB,eAAe;;AAGxC,MAAM,oBAAoB,mBACxB,eACG,MAAM,CACN,QAAQ,MAAM,GAAG,CACjB,MAAM,eAAe,GAAG;AAE7B,MAAa,mBAAmB,mBAA2B,eAAe,MAAM,CAAC,QAAQ,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC"}

package/dist/runtime/{versionSelector-BDdMDP_y.mjs → versionSelector-D3qbhCsB.mjs}

@@ -10,7 +10,7 @@
 * @param packageVersion - The version of `@clerk/clerk-js` that will be used if an explicit version is not provided
 * @returns The npm tag, version or major version to use
 */
-const versionSelector = (clerkJSVersion, packageVersion = "6.0.0-snapshot.v20251217194100") => {
+const versionSelector = (clerkJSVersion, packageVersion = "6.0.0-snapshot.v20251218165926") => {
 	if (clerkJSVersion) return clerkJSVersion;
 	const prereleaseTag = getPrereleaseTag(packageVersion);
 	if (prereleaseTag) {
@@ -24,4 +24,4 @@ const getMajorVersion = (packageVersion) => packageVersion.trim().replace(/^v/,
 
 //#endregion
 export { versionSelector as n, getMajorVersion as t };
-//# sourceMappingURL=versionSelector-BDdMDP_y.mjs.map
+//# sourceMappingURL=versionSelector-D3qbhCsB.mjs.map

package/dist/runtime/{versionSelector-BDdMDP_y.mjs.map → versionSelector-D3qbhCsB.mjs.map}

@@ -1 +1 @@
-{"version":3,"file":"versionSelector-BDdMDP_y.mjs","names":[],"sources":["../../src/versionSelector.ts"],"sourcesContent":["/**\n * This version selector is a bit complicated, so here is the flow:\n * 1. Use the clerkJSVersion prop on the provider\n * 2. Use the exact `@clerk/clerk-js` version if it is a `@snapshot` prerelease\n * 3. Use the prerelease tag of `@clerk/clerk-js` or the packageVersion provided\n * 4. Fallback to the major version of `@clerk/clerk-js` or the packageVersion provided\n *\n * @param clerkJSVersion - The optional clerkJSVersion prop on the provider\n * @param packageVersion - The version of `@clerk/clerk-js` that will be used if an explicit version is not provided\n * @returns The npm tag, version or major version to use\n */\nexport const versionSelector = (clerkJSVersion: string | undefined, packageVersion = JS_PACKAGE_VERSION) => {\n  if (clerkJSVersion) {\n    return clerkJSVersion;\n  }\n\n  const prereleaseTag = getPrereleaseTag(packageVersion);\n  if (prereleaseTag) {\n    if (prereleaseTag === 'snapshot') {\n      return packageVersion;\n    }\n\n    return prereleaseTag;\n  }\n\n  return getMajorVersion(packageVersion);\n};\n\nconst getPrereleaseTag = (packageVersion: string) =>\n  packageVersion\n    .trim()\n    .replace(/^v/, '')\n    .match(/-(.+?)(\\.|$)/)?.[1];\n\nexport const getMajorVersion = (packageVersion: string) => packageVersion.trim().replace(/^v/, '').split('.')[0];\n"],"mappings":";;;;;;;;;;;;AAWA,MAAa,mBAAmB,gBAAoC,sDAAwC;AAC1G,KAAI,eACF,QAAO;CAGT,MAAM,gBAAgB,iBAAiB,eAAe;AACtD,KAAI,eAAe;AACjB,MAAI,kBAAkB,WACpB,QAAO;AAGT,SAAO;;AAGT,QAAO,gBAAgB,eAAe;;AAGxC,MAAM,oBAAoB,mBACxB,eACG,MAAM,CACN,QAAQ,MAAM,GAAG,CACjB,MAAM,eAAe,GAAG;AAE7B,MAAa,mBAAmB,mBAA2B,eAAe,MAAM,CAAC,QAAQ,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC"}
+{"version":3,"file":"versionSelector-D3qbhCsB.mjs","names":[],"sources":["../../src/versionSelector.ts"],"sourcesContent":["/**\n * This version selector is a bit complicated, so here is the flow:\n * 1. Use the clerkJSVersion prop on the provider\n * 2. Use the exact `@clerk/clerk-js` version if it is a `@snapshot` prerelease\n * 3. Use the prerelease tag of `@clerk/clerk-js` or the packageVersion provided\n * 4. Fallback to the major version of `@clerk/clerk-js` or the packageVersion provided\n *\n * @param clerkJSVersion - The optional clerkJSVersion prop on the provider\n * @param packageVersion - The version of `@clerk/clerk-js` that will be used if an explicit version is not provided\n * @returns The npm tag, version or major version to use\n */\nexport const versionSelector = (clerkJSVersion: string | undefined, packageVersion = JS_PACKAGE_VERSION) => {\n  if (clerkJSVersion) {\n    return clerkJSVersion;\n  }\n\n  const prereleaseTag = getPrereleaseTag(packageVersion);\n  if (prereleaseTag) {\n    if (prereleaseTag === 'snapshot') {\n      return packageVersion;\n    }\n\n    return prereleaseTag;\n  }\n\n  return getMajorVersion(packageVersion);\n};\n\nconst getPrereleaseTag = (packageVersion: string) =>\n  packageVersion\n    .trim()\n    .replace(/^v/, '')\n    .match(/-(.+?)(\\.|$)/)?.[1];\n\nexport const getMajorVersion = (packageVersion: string) => packageVersion.trim().replace(/^v/, '').split('.')[0];\n"],"mappings":";;;;;;;;;;;;AAWA,MAAa,mBAAmB,gBAAoC,sDAAwC;AAC1G,KAAI,eACF,QAAO;CAGT,MAAM,gBAAgB,iBAAiB,eAAe;AACtD,KAAI,eAAe;AACjB,MAAI,kBAAkB,WACpB,QAAO;AAGT,SAAO;;AAGT,QAAO,gBAAgB,eAAe;;AAGxC,MAAM,oBAAoB,mBACxB,eACG,MAAM,CACN,QAAQ,MAAM,GAAG,CACjB,MAAM,eAAe,GAAG;AAE7B,MAAa,mBAAmB,mBAA2B,eAAe,MAAM,CAAC,QAAQ,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC"}

package/dist/runtime/versionSelector.js

@@ -1,4 +1,4 @@
-const require_versionSelector = require('./versionSelector-BCYnlaG9.js');
+const require_versionSelector = require('./versionSelector-B5q6tBm5.js');
 
 exports.getMajorVersion = require_versionSelector.getMajorVersion;
 exports.versionSelector = require_versionSelector.versionSelector;

package/dist/runtime/versionSelector.mjs

@@ -1,3 +1,3 @@
-import { n as versionSelector, t as getMajorVersion } from "./versionSelector-BDdMDP_y.mjs";
+import { n as versionSelector, t as getMajorVersion } from "./versionSelector-D3qbhCsB.mjs";
 
 export { getMajorVersion, versionSelector };

package/dist/runtime/{waitForElement-DIzKZ_vR.d.mts → waitForElement-DOgNgQPc.d.mts}

@@ -5,4 +5,4 @@
 declare function waitForElement(selector: string): Promise<HTMLElement | null>;
 //#endregion
 export { waitForElement as t };
-//# sourceMappingURL=waitForElement-DIzKZ_vR.d.mts.map
+//# sourceMappingURL=waitForElement-DOgNgQPc.d.mts.map

package/dist/runtime/waitForElement-DOgNgQPc.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"waitForElement-DOgNgQPc.d.mts","names":[],"sources":["../../src/dom/waitForElement.ts"],"sourcesContent":[],"mappings":";;AAGA;;iBAAgB,cAAA,oBAAkC,QAAQ"}

package/dist/runtime/web3.d.mts

@@ -1,5 +1,5 @@
-import { Fu as Web3ProviderData } from "./index-Bb1t7kYz.mjs";
-import "./moduleManager-pxNnXwxv.mjs";
+import { Bu as Web3ProviderData } from "./index-C799Ulyv.mjs";
+import "./moduleManager-BYIq4wgi.mjs";
 
 //#region src/web3.d.ts
 declare const WEB3_PROVIDERS: Web3ProviderData[];

package/dist/runtime/web3.d.ts

@@ -1,4 +1,4 @@
-import { Fu as Web3ProviderData } from "./index-C32ntfvR.js";
+import { Bu as Web3ProviderData } from "./index-BZAgbf9u.js";
 import "./moduleManager-WB15hU3T.js";
 
 //#region src/web3.d.ts

package/dist/runtime/web3.js

@@ -20,6 +20,11 @@ const WEB3_PROVIDERS = [
 		provider: "okx_wallet",
 		strategy: "web3_okx_wallet_signature",
 		name: "OKX Wallet"
+	},
+	{
+		provider: "solana",
+		strategy: "web3_solana_signature",
+		name: "Solana"
 	}
 ];
 

package/dist/runtime/web3.js.map

@@ -1 +1 @@
-{"version":3,"file":"web3.js","names":["WEB3_PROVIDERS: Web3ProviderData[]"],"sources":["../../src/web3.ts"],"sourcesContent":["import type { Web3ProviderData } from './types';\n\nexport const WEB3_PROVIDERS: Web3ProviderData[] = [\n  {\n    provider: 'metamask',\n    strategy: 'web3_metamask_signature',\n    name: 'MetaMask',\n  },\n  {\n    provider: 'base',\n    strategy: 'web3_base_signature',\n    name: 'Base',\n  },\n  {\n    provider: 'coinbase_wallet',\n    strategy: 'web3_coinbase_wallet_signature',\n    name: 'Coinbase Wallet',\n  },\n  {\n    provider: 'okx_wallet',\n    strategy: 'web3_okx_wallet_signature',\n    name: 'OKX Wallet',\n  },\n];\n"],"mappings":";;AAEA,MAAaA,iBAAqC;CAChD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACF"}
+{"version":3,"file":"web3.js","names":["WEB3_PROVIDERS: Web3ProviderData[]"],"sources":["../../src/web3.ts"],"sourcesContent":["import type { Web3ProviderData } from './types';\n\nexport const WEB3_PROVIDERS: Web3ProviderData[] = [\n  {\n    provider: 'metamask',\n    strategy: 'web3_metamask_signature',\n    name: 'MetaMask',\n  },\n  {\n    provider: 'base',\n    strategy: 'web3_base_signature',\n    name: 'Base',\n  },\n  {\n    provider: 'coinbase_wallet',\n    strategy: 'web3_coinbase_wallet_signature',\n    name: 'Coinbase Wallet',\n  },\n  {\n    provider: 'okx_wallet',\n    strategy: 'web3_okx_wallet_signature',\n    name: 'OKX Wallet',\n  },\n  {\n    provider: 'solana',\n    strategy: 'web3_solana_signature',\n    name: 'Solana',\n  },\n];\n"],"mappings":";;AAEA,MAAaA,iBAAqC;CAChD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACF"}

package/dist/runtime/web3.mjs

@@ -19,6 +19,11 @@ const WEB3_PROVIDERS = [
 		provider: "okx_wallet",
 		strategy: "web3_okx_wallet_signature",
 		name: "OKX Wallet"
+	},
+	{
+		provider: "solana",
+		strategy: "web3_solana_signature",
+		name: "Solana"
 	}
 ];
 

package/dist/runtime/web3.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"web3.mjs","names":["WEB3_PROVIDERS: Web3ProviderData[]"],"sources":["../../src/web3.ts"],"sourcesContent":["import type { Web3ProviderData } from './types';\n\nexport const WEB3_PROVIDERS: Web3ProviderData[] = [\n  {\n    provider: 'metamask',\n    strategy: 'web3_metamask_signature',\n    name: 'MetaMask',\n  },\n  {\n    provider: 'base',\n    strategy: 'web3_base_signature',\n    name: 'Base',\n  },\n  {\n    provider: 'coinbase_wallet',\n    strategy: 'web3_coinbase_wallet_signature',\n    name: 'Coinbase Wallet',\n  },\n  {\n    provider: 'okx_wallet',\n    strategy: 'web3_okx_wallet_signature',\n    name: 'OKX Wallet',\n  },\n];\n"],"mappings":";AAEA,MAAaA,iBAAqC;CAChD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACF"}
+{"version":3,"file":"web3.mjs","names":["WEB3_PROVIDERS: Web3ProviderData[]"],"sources":["../../src/web3.ts"],"sourcesContent":["import type { Web3ProviderData } from './types';\n\nexport const WEB3_PROVIDERS: Web3ProviderData[] = [\n  {\n    provider: 'metamask',\n    strategy: 'web3_metamask_signature',\n    name: 'MetaMask',\n  },\n  {\n    provider: 'base',\n    strategy: 'web3_base_signature',\n    name: 'Base',\n  },\n  {\n    provider: 'coinbase_wallet',\n    strategy: 'web3_coinbase_wallet_signature',\n    name: 'Coinbase Wallet',\n  },\n  {\n    provider: 'okx_wallet',\n    strategy: 'web3_okx_wallet_signature',\n    name: 'OKX Wallet',\n  },\n  {\n    provider: 'solana',\n    strategy: 'web3_solana_signature',\n    name: 'Solana',\n  },\n];\n"],"mappings":";AAEA,MAAaA,iBAAqC;CAChD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACD;EACE,UAAU;EACV,UAAU;EACV,MAAM;EACP;CACF"}