@microsoft/teams-js 2.39.0 → 2.39.1

package/README.md

@@ -24,7 +24,7 @@ To install the stable [version](https://learn.microsoft.com/javascript/api/overv
 
 ### Production
 
-You can reference these files directly [from here](https://res.cdn.office.net/teams-js/2.39.0/js/MicrosoftTeams.min.js) or point your package manager at them.
+You can reference these files directly [from here](https://res.cdn.office.net/teams-js/2.39.1/js/MicrosoftTeams.min.js) or point your package manager at them.
 
 ## Usage
 
@@ -45,13 +45,13 @@ Reference the library inside of your `.html` page using:
 ```html
 <!-- Microsoft Teams JavaScript API (via CDN) -->
 <script
-  src="https://res.cdn.office.net/teams-js/2.39.0/js/MicrosoftTeams.min.js"
-  integrity="sha384-XYPfud/y4+g4RJ1EBfLD8IVybNuKXSda4PyKOc8h56srGBwitmBqbBWHb0mNWtfd"
+  src="https://res.cdn.office.net/teams-js/2.39.1/js/MicrosoftTeams.min.js"
+  integrity="sha384-DCaADE5ucxq02uymDGfLHqBklxuM03ZONTCmqdwEFNouwR1kHsPHVT1UYOyb3X72"
   crossorigin="anonymous"
 ></script>
 
 <!-- Microsoft Teams JavaScript API (via npm) -->
-<script src="node_modules/@microsoft/teams-js@2.39.0/dist/MicrosoftTeams.min.js"></script>
+<script src="node_modules/@microsoft/teams-js@2.39.1/dist/MicrosoftTeams.min.js"></script>
 
 <!-- Microsoft Teams JavaScript API (via local) -->
 <script src="MicrosoftTeams.min.js"></script>

package/dist/esm/packages/teams-js/dts/internal/validOrigins.d.ts

@@ -4,3 +4,10 @@ export declare function prefetchOriginsFromCDN(): Promise<void>;
  * Limited to Microsoft-internal use
  */
 export declare function validateOrigin(messageOrigin: URL, disableCache?: boolean): Promise<boolean>;
+/**
+ * @internal
+ * Limited to Microsoft-internal use
+ *
+ * This function is only used for testing to reset the valid origins cache and ignore prefetched values.
+ */
+export declare function resetValidOriginsCache(): void;

package/dist/esm/packages/teams-js/dts/private/copilot/sidePanelInterfaces.d.ts

@@ -54,8 +54,17 @@ export interface ServerEmailContent extends BaseEmailContent {
  * Limited to Microsoft-internal use
  */
 export interface DraftEmailContent extends BaseEmailContent {
+    responseToEmailId?: string;
     savedTime?: Date;
 }
+/**
+ * @hidden
+ *
+ * Interface for draft email content (no id, times optional)
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
 export type EmailContent = ServerEmailContent | DraftEmailContent;
 /**
  * @hidden
@@ -207,6 +216,15 @@ export interface MixedContent {
  * Limited to Microsoft-internal use
  */
 export type ContentItem = EmailContent | TextSelection | MediaSelection | CalendarInviteContent | WebPageContent | MixedContent;
+/**
+ * @hidden
+ *
+ * The Content interface represents the content data structure used in the side panel.
+ * It si the payload received by the copilot app from the hub.
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
 export interface Content {
     userAction?: string;
     contentType: ContentItemType.CALENDAR_INVITE | ContentItemType.EMAIL | ContentItemType.MEDIA | ContentItemType.TEXT | ContentItemType.WEB_PAGE | ContentItemType.MIXED;
@@ -217,6 +235,14 @@ export interface Content {
     error_code?: string;
     status?: string;
 }
+/**
+ * @hidden
+ *
+ * The ContentRequest interface represents the request params sent to the hub to fetch content.
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
 export interface ContentRequest {
     localEndpointInfo: string;
 }

package/dist/esm/packages/teams-js/dts/private/nestedAppAuth/nestedAppAuthBridge.d.ts

@@ -17,7 +17,7 @@
  * @internal
  * Limited to Microsoft-internal use
  */
-export declare const version = "1.0.0";
+export declare const version = "1.0.1";
 /**
  * @beta
  * @hidden

package/dist/esm/packages/teams-js/src/artifactsForCDN/validDomains.json.js

@@ -1 +1 @@
-var o=["teams.microsoft.com","teams.microsoft.us","gov.teams.microsoft.us","dod.teams.microsoft.us","int.teams.microsoft.com","outlook.office.com","outlook-sdf.office.com","outlook.office365.com","outlook-sdf.office365.com","outlook.live.com","outlook-sdf.live.com","teams.live.com","local.teams.live.com","local.teams.live.com:8080","local.teams.office.com","local.teams.office.com:8080","devspaces.skype.com","*.www.office.com","www.office.com","word.office.com","excel.office.com","powerpoint.office.com","www.officeppe.com","*.www.microsoft365.com","www.microsoft365.com","bing.com","edgeservices.bing.com","work.bing.com","www.bing.com","www.staging-bing-int.com","*.cloud.microsoft","*.m365.cloud.microsoft","chatuxmanager.svc.cloud.microsoft","copilot.microsoft.com","windows.msn.com","fa000000125.resources.office.net","fa000000129.resources.office.net","fa000000124.resources.office.net","fa000000128.resources.office.net","fa000000136.resources.office.net"],c={validOrigins:o};export{c as default,o as validOrigins};
+var o=["teams.microsoft.com","teams.microsoft.us","gov.teams.microsoft.us","dod.teams.microsoft.us","int.teams.microsoft.com","outlook.office.com","outlook-sdf.office.com","outlook.office365.com","outlook-sdf.office365.com","outlook.live.com","outlook-sdf.live.com","teams.live.com","local.teams.live.com","local.teams.live.com:8080","local.teams.office.com","local.teams.office.com:8080","devspaces.skype.com","*.www.office.com","www.office.com","word.office.com","excel.office.com","powerpoint.office.com","www.officeppe.com","*.www.microsoft365.com","www.microsoft365.com","bing.com","edgeservices.bing.com","work.bing.com","www.bing.com","www.staging-bing-int.com","*.cloud.microsoft","*.m365.cloud.microsoft","*.outlook.cloud.microsoft","chatuxmanager.svc.cloud.microsoft","copilot.microsoft.com","windows.msn.com","fa000000125.resources.office.net","fa000000129.resources.office.net","fa000000124.resources.office.net","fa000000128.resources.office.net","fa000000136.resources.office.net"],c={validOrigins:o};export{c as default,o as validOrigins};

package/dist/esm/packages/teams-js/src/internal/validOrigins.js

@@ -1 +1 @@
-import{__awaiter as i}from"../../../../node_modules/.pnpm/@rollup_plugin-typescript@11.1.6_rollup@4.24.4_tslib@2.6.3_typescript@4.9.5/node_modules/tslib/tslib.es6.js";import{ORIGIN_LIST_FETCH_TIMEOUT_IN_MS as t,validOriginsCdnEndpoint as r,validOriginsFallback as n}from"./constants.js";import{GlobalVars as e}from"./globalVars.js";import{getLogger as o}from"./telemetry.js";import{inServerSideRenderingEnvironment as l,isValidHttpsURL as s}from"./utils.js";let a=[];const u=o("validateOrigin");function c(){return i(this,void 0,void 0,(function*(){yield d()}))}function d(e=!1){return i(this,void 0,void 0,(function*(){if(0!==a.length&&!e)return a;if(l())return a=n,n;{u("Initiating fetch call to acquire valid origins list from CDN");const i=new AbortController,e=setTimeout((()=>i.abort()),t);return fetch(r,{signal:i.signal}).then((i=>{if(clearTimeout(e),!i.ok)throw new Error("Invalid Response from Fetch Call");return u("Fetch call completed and retrieved valid origins list from CDN"),i.json().then((i=>{if(function(i){let t=JSON.parse(i);try{t=JSON.parse(i)}catch(i){return!1}if(!t.validOrigins)return!1;for(const i of t.validOrigins)try{new URL("https://"+i)}catch(t){return u("isValidOriginsFromCDN call failed to validate origin: %s",i),!1}return!0}(JSON.stringify(i)))return a=i.validOrigins,a;throw new Error("Valid origins list retrieved from CDN is invalid")}))})).catch((i=>("AbortError"===i.name?u(`validOrigins fetch call to CDN failed due to Timeout of ${t} ms. Defaulting to fallback list`):u("validOrigins fetch call to CDN failed with error: %s. Defaulting to fallback list",i),a=n,a)))}}))}function f(i,t){if("*."===i.substring(0,2)){const r=i.substring(1);if(t.length>r.length&&t.split(".").length===r.split(".").length&&t.substring(t.length-r.length)===r)return!0}else if(i===t)return!0;return!1}function g(i,t){return d(t).then((t=>{if(!s(i))return u("Origin %s is invalid because it is not using https protocol. Protocol being used: %s",i,i.protocol),!1;const r=i.host;if(t.some((i=>f(i,r))))return!0;for(const i of e.additionalValidOrigins){if(f("https://"===i.substring(0,8)?i.substring(8):i,r))return!0}return u("Origin %s is invalid because it is not an origin approved by this library or included in the call to app.initialize.\nOrigins approved by this library: %o\nOrigins included in app.initialize: %o",i,t,e.additionalValidOrigins),!1}))}c();export{c as prefetchOriginsFromCDN,g as validateOrigin};
+import{__awaiter as i}from"../../../../node_modules/.pnpm/@rollup_plugin-typescript@11.1.6_rollup@4.24.4_tslib@2.6.3_typescript@4.9.5/node_modules/tslib/tslib.es6.js";import{ORIGIN_LIST_FETCH_TIMEOUT_IN_MS as t,validOriginsCdnEndpoint as r,validOriginsFallback as n}from"./constants.js";import{GlobalVars as e}from"./globalVars.js";import{getLogger as o}from"./telemetry.js";import{inServerSideRenderingEnvironment as l,isValidHttpsURL as s}from"./utils.js";let a=[];const u=o("validateOrigin");let c;function f(){return i(this,void 0,void 0,(function*(){c||(yield g())}))}function d(){return 0===a.length}function g(e=!1){return i(this,void 0,void 0,(function*(){if(!d()&&!e)return a;if(c)return c;if(l())return a=n,n;{u("Initiating fetch call to acquire valid origins list from CDN");const i=new AbortController,e=setTimeout((()=>i.abort()),t);return c=fetch(r,{signal:i.signal}).then((i=>{if(clearTimeout(e),!i.ok)throw new Error("Invalid Response from Fetch Call");return u("Fetch call completed and retrieved valid origins list from CDN"),i.json().then((i=>{if(function(i){let t=JSON.parse(i);try{t=JSON.parse(i)}catch(i){return!1}if(!t.validOrigins)return!1;for(const i of t.validOrigins)try{new URL("https://"+i)}catch(t){return u("isValidOriginsFromCDN call failed to validate origin: %s",i),!1}return!0}(JSON.stringify(i)))return a=i.validOrigins,a;throw new Error("Valid origins list retrieved from CDN is invalid")}))})).catch((i=>("AbortError"===i.name?u(`validOrigins fetch call to CDN failed due to Timeout of ${t} ms. Defaulting to fallback list`):u("validOrigins fetch call to CDN failed with error: %s. Defaulting to fallback list",i),a=n,a))),c}}))}function p(i,t){if("*."===i.substring(0,2)){const r=i.substring(1);if(t.length>r.length&&t.split(".").length===r.split(".").length&&t.substring(t.length-r.length)===r)return!0}else if(i===t)return!0;return!1}function h(i,t){const r=d()?n:a;return m(i,r)?Promise.resolve(!0):(u("Origin %s is not in the local valid origins list, fetching from CDN",i),g(t).then((t=>m(i,t))))}function m(i,t){if(!s(i))return u("Origin %s is invalid because it is not using https protocol. Protocol being used: %s",i,i.protocol),!1;const r=i.host;if(t.some((i=>p(i,r))))return!0;for(const i of e.additionalValidOrigins){if(p("https://"===i.substring(0,8)?i.substring(8):i,r))return!0}return u("Origin %s is invalid because it is not an origin approved by this library or included in the call to app.initialize.\nOrigins approved by this library: %o\nOrigins included in app.initialize: %o",i,t,e.additionalValidOrigins),!1}f();export{f as prefetchOriginsFromCDN,h as validateOrigin};

package/dist/esm/packages/teams-js/src/private/nestedAppAuth/nestedAppAuthBridge.js

@@ -1 +1 @@
-import e from"../../../../../node_modules/.pnpm/uuid@9.0.1/node_modules/uuid/dist/esm-browser/v4.js";const t="1.0.0",o={onMessage:function(e,t){if(!e||!e.data||"object"!=typeof e.data||null===e.data)return void a("Invalid message format, ignoring. Message: %o",e);if(!function(e,t){if(e&&e!==window.top)return a("Should not process message because it is not coming from the top window"),!1;if(t===n)try{return"https:"===new URL(t).protocol}catch(e){return d("Invalid message origin URL:",e),!1}return!1}(e.source,e.origin))return void a("Message source/origin not allowed, ignoring.");const{args:o}=e.data,[,r]=null!=o?o:[],i=(()=>{try{return JSON.parse(r)}catch(e){return d("Failed to parse response message:",e),null}})();if(!i||"NestedAppAuthResponse"!==i.messageType)return void a("Invalid response format, ignoring. Message: %o",e);t(r)}};let n=null,r=!1;function i(t,i,p=!1){if(r=p,!t)throw new Error("Cannot polyfill nestedAppAuthBridge as the current window does not exist");if(!i)throw new Error("Top origin is required to initialize the Nested App Auth Bridge");try{const e=new URL(i);if("https:"!==e.protocol)throw new Error(`Invalid top origin: ${i}. Only HTTPS origins are allowed.`);n=e.origin}catch(e){throw new Error(`Failed to initialize bridge: invalid top origin: ${i}`)}const u=t;if(u.nestedAppAuthBridge)return void a("Nested App Auth Bridge is already present");const g=function(t){const r=new WeakMap,{onMessage:i}=o,p=e=>t=>i(t,e);return{addEventListener:(e,o)=>{if("message"===e){const n=p(o);r.set(o,n),t.addEventListener(e,n)}else a(`Event ${e} is not supported by nestedAppAuthBridge`)},postMessage:o=>{if(!t.top)throw new Error("window.top is not available for posting messages");try{const r=JSON.parse(o);if("object"==typeof r&&"NestedAppAuthRequest"===r.messageType){const r=function(t){const o=Date.now();return{id:s(),uuid:e(),func:"nestedAppAuth.execute",timestamp:o,apiVersionTag:"v2_nestedAppAuth.execute",monotonicTimestamp:o,args:[],data:t}}(o);if(t===t.top||!n)return void d("Not in an embedded iframe; skipping postMessage.");t.top.postMessage(r,n)}}catch(e){return void d("Failed to parse message:",e,"Original message:",o)}},removeEventListener:(e,o)=>{const n=r.get(o);n&&(t.removeEventListener(e,n),r.delete(o))}}}(u);g&&(u.nestedAppAuthBridge=g)}function s(){return"undefined"!=typeof crypto&&crypto.randomUUID?crypto.randomUUID():Math.random().toString(36).substring(2,11)}function a(...e){r&&console.log(...e)}function d(...e){r&&console.error(...e)}export{i as initialize,t as version};
+import e from"../../../../../node_modules/.pnpm/uuid@9.0.1/node_modules/uuid/dist/esm-browser/v4.js";const t="1.0.1",n={onMessage:function(e,t){if(!e||!e.data||"object"!=typeof e.data||null===e.data)return void a("Invalid message format, ignoring. Message: %o",e);if(!function(e,t){if(t===o)try{return"https:"===new URL(t).protocol}catch(e){return d("Invalid message origin URL:",e),!1}return!1}(e.source,e.origin))return void a("Message source/origin not allowed, ignoring.");const{args:n}=e.data,[,r]=null!=n?n:[],i=(()=>{try{return JSON.parse(r)}catch(e){return d("Failed to parse response message:",e),null}})();if(!i||"NestedAppAuthResponse"!==i.messageType)return void a("Invalid response format, ignoring. Message: %o",e);t(r)}};let o=null,r=!1;function i(t,i,p=!1){if(r=p,!t)throw new Error("Cannot polyfill nestedAppAuthBridge as the current window does not exist");if(!i)throw new Error("Top origin is required to initialize the Nested App Auth Bridge");try{const e=new URL(i);if("https:"!==e.protocol)throw new Error(`Invalid top origin: ${i}. Only HTTPS origins are allowed.`);o=e.origin}catch(e){throw new Error(`Failed to initialize bridge: invalid top origin: ${i}`)}const u=t;if(u.nestedAppAuthBridge)return void a("Nested App Auth Bridge is already present");const g=function(t){const r=new WeakMap,{onMessage:i}=n,p=e=>t=>i(t,e);return{addEventListener:(e,n)=>{if("message"===e){const o=p(n);r.set(n,o),t.addEventListener(e,o)}else a(`Event ${e} is not supported by nestedAppAuthBridge`)},postMessage:n=>{if(!t.top)throw new Error("window.top is not available for posting messages");try{const r=JSON.parse(n);if("object"==typeof r&&"NestedAppAuthRequest"===r.messageType){const r=function(t){const n=Date.now();return{id:s(),uuid:e(),func:"nestedAppAuth.execute",timestamp:n,apiVersionTag:"v2_nestedAppAuth.execute",monotonicTimestamp:n,args:[],data:t}}(n);if(t===t.top||!o)return void d("Not in an embedded iframe; skipping postMessage.");t.top.postMessage(r,o)}}catch(e){return void d("Failed to parse message:",e,"Original message:",n)}},removeEventListener:(e,n)=>{const o=r.get(n);o&&(t.removeEventListener(e,o),r.delete(n))}}}(u);g&&(u.nestedAppAuthBridge=g)}function s(){return"undefined"!=typeof crypto&&crypto.randomUUID?crypto.randomUUID():Math.random().toString(36).substring(2,11)}function a(...e){r&&console.log(...e)}function d(...e){r&&console.error(...e)}export{i as initialize,t as version};

package/dist/esm/packages/teams-js/src/public/version.js

@@ -1 +1 @@
-const o="2.39.0";export{o as version};
+const o="2.39.1";export{o as version};

package/dist/umd/MicrosoftTeams.js

@@ -2231,7 +2231,7 @@ var ClipboardSupportedMimeType;
 })(ClipboardSupportedMimeType || (ClipboardSupportedMimeType = {}));
 
 ;// ./src/artifactsForCDN/validDomains.json
-const validDomains_namespaceObject = /*#__PURE__*/JSON.parse('{"validOrigins":["teams.microsoft.com","teams.microsoft.us","gov.teams.microsoft.us","dod.teams.microsoft.us","int.teams.microsoft.com","outlook.office.com","outlook-sdf.office.com","outlook.office365.com","outlook-sdf.office365.com","outlook.live.com","outlook-sdf.live.com","teams.live.com","local.teams.live.com","local.teams.live.com:8080","local.teams.office.com","local.teams.office.com:8080","devspaces.skype.com","*.www.office.com","www.office.com","word.office.com","excel.office.com","powerpoint.office.com","www.officeppe.com","*.www.microsoft365.com","www.microsoft365.com","bing.com","edgeservices.bing.com","work.bing.com","www.bing.com","www.staging-bing-int.com","*.cloud.microsoft","*.m365.cloud.microsoft","chatuxmanager.svc.cloud.microsoft","copilot.microsoft.com","windows.msn.com","fa000000125.resources.office.net","fa000000129.resources.office.net","fa000000124.resources.office.net","fa000000128.resources.office.net","fa000000136.resources.office.net"]}');
+const validDomains_namespaceObject = /*#__PURE__*/JSON.parse('{"validOrigins":["teams.microsoft.com","teams.microsoft.us","gov.teams.microsoft.us","dod.teams.microsoft.us","int.teams.microsoft.com","outlook.office.com","outlook-sdf.office.com","outlook.office365.com","outlook-sdf.office365.com","outlook.live.com","outlook-sdf.live.com","teams.live.com","local.teams.live.com","local.teams.live.com:8080","local.teams.office.com","local.teams.office.com:8080","devspaces.skype.com","*.www.office.com","www.office.com","word.office.com","excel.office.com","powerpoint.office.com","www.officeppe.com","*.www.microsoft365.com","www.microsoft365.com","bing.com","edgeservices.bing.com","work.bing.com","www.bing.com","www.staging-bing-int.com","*.cloud.microsoft","*.m365.cloud.microsoft","*.outlook.cloud.microsoft","chatuxmanager.svc.cloud.microsoft","copilot.microsoft.com","windows.msn.com","fa000000125.resources.office.net","fa000000129.resources.office.net","fa000000124.resources.office.net","fa000000128.resources.office.net","fa000000136.resources.office.net"]}');
 var artifactsForCDN_validDomains_namespaceObject = /*#__PURE__*/__webpack_require__.t(validDomains_namespaceObject, 2);
 ;// ./src/internal/constants.ts
 
@@ -4585,7 +4585,7 @@ function isSerializable(arg) {
  * @hidden
  *  Package version.
  */
-const version = "2.39.0";
+const version = "2.39.1";
 
 ;// ./src/public/featureFlags.ts
 // All build feature flags are defined inside this object. Any build feature flag must have its own unique getter and setter function. This pattern allows for client apps to treeshake unused code and avoid including code guarded by this feature flags in the final bundle. If this property isn't desired, use the below runtime feature flags object.
@@ -6641,9 +6641,12 @@ var validOrigins_awaiter = (undefined && undefined.__awaiter) || function (thisA
 
 let validOriginsCache = [];
 const validateOriginLogger = getLogger('validateOrigin');
+let validOriginsPromise;
 function prefetchOriginsFromCDN() {
     return validOrigins_awaiter(this, void 0, void 0, function* () {
-        yield getValidOriginsListFromCDN();
+        if (!validOriginsPromise) {
+            yield getValidOriginsListFromCDN();
+        }
     });
 }
 function isValidOriginsCacheEmpty() {
@@ -6654,11 +6657,15 @@ function getValidOriginsListFromCDN(shouldDisableCache = false) {
         if (!isValidOriginsCacheEmpty() && !shouldDisableCache) {
             return validOriginsCache;
         }
+        if (validOriginsPromise) {
+            // Fetch has already been initiated, return the existing promise
+            return validOriginsPromise;
+        }
         if (!inServerSideRenderingEnvironment()) {
             validateOriginLogger('Initiating fetch call to acquire valid origins list from CDN');
             const controller = new AbortController();
             const timeoutId = setTimeout(() => controller.abort(), ORIGIN_LIST_FETCH_TIMEOUT_IN_MS);
-            return fetch(validOriginsCdnEndpoint, { signal: controller.signal })
+            validOriginsPromise = fetch(validOriginsCdnEndpoint, { signal: controller.signal })
                 .then((response) => {
                 clearTimeout(timeoutId);
                 if (!response.ok) {
@@ -6685,6 +6692,7 @@ function getValidOriginsListFromCDN(shouldDisableCache = false) {
                 validOriginsCache = validOriginsFallback;
                 return validOriginsCache;
             });
+            return validOriginsPromise;
         }
         else {
             validOriginsCache = validOriginsFallback;
@@ -6745,25 +6753,46 @@ function validateHostAgainstPattern(pattern, host) {
  * Limited to Microsoft-internal use
  */
 function validateOrigin(messageOrigin, disableCache) {
-    return getValidOriginsListFromCDN(disableCache).then((validOriginsList) => {
-        // Check whether the url is in the pre-known allowlist or supplied by user
-        if (!isValidHttpsURL(messageOrigin)) {
-            validateOriginLogger('Origin %s is invalid because it is not using https protocol. Protocol being used: %s', messageOrigin, messageOrigin.protocol);
-            return false;
-        }
-        const messageOriginHost = messageOrigin.host;
-        if (validOriginsList.some((pattern) => validateHostAgainstPattern(pattern, messageOriginHost))) {
+    // Try origin against the cache or hardcoded fallback list first before fetching from CDN
+    const localList = !disableCache && !isValidOriginsCacheEmpty() ? validOriginsCache : validOriginsFallback;
+    if (validateOriginWithValidOriginsList(messageOrigin, localList)) {
+        return Promise.resolve(true);
+    }
+    else {
+        validateOriginLogger('Origin %s is not in the local valid origins list, fetching from CDN', messageOrigin);
+        return getValidOriginsListFromCDN(disableCache).then((validOriginsList) => {
+            return validateOriginWithValidOriginsList(messageOrigin, validOriginsList);
+        });
+    }
+}
+function validateOriginWithValidOriginsList(messageOrigin, validOriginsList) {
+    // Check whether the url is in the pre-known allowlist or supplied by user
+    if (!isValidHttpsURL(messageOrigin)) {
+        validateOriginLogger('Origin %s is invalid because it is not using https protocol. Protocol being used: %s', messageOrigin, messageOrigin.protocol);
+        return false;
+    }
+    const messageOriginHost = messageOrigin.host;
+    if (validOriginsList.some((pattern) => validateHostAgainstPattern(pattern, messageOriginHost))) {
+        return true;
+    }
+    for (const domainOrPattern of GlobalVars.additionalValidOrigins) {
+        const pattern = domainOrPattern.substring(0, 8) === 'https://' ? domainOrPattern.substring(8) : domainOrPattern;
+        if (validateHostAgainstPattern(pattern, messageOriginHost)) {
             return true;
         }
-        for (const domainOrPattern of GlobalVars.additionalValidOrigins) {
-            const pattern = domainOrPattern.substring(0, 8) === 'https://' ? domainOrPattern.substring(8) : domainOrPattern;
-            if (validateHostAgainstPattern(pattern, messageOriginHost)) {
-                return true;
-            }
-        }
-        validateOriginLogger('Origin %s is invalid because it is not an origin approved by this library or included in the call to app.initialize.\nOrigins approved by this library: %o\nOrigins included in app.initialize: %o', messageOrigin, validOriginsList, GlobalVars.additionalValidOrigins);
-        return false;
-    });
+    }
+    validateOriginLogger('Origin %s is invalid because it is not an origin approved by this library or included in the call to app.initialize.\nOrigins approved by this library: %o\nOrigins included in app.initialize: %o', messageOrigin, validOriginsList, GlobalVars.additionalValidOrigins);
+    return false;
+}
+/**
+ * @internal
+ * Limited to Microsoft-internal use
+ *
+ * This function is only used for testing to reset the valid origins cache and ignore prefetched values.
+ */
+function resetValidOriginsCache() {
+    validOriginsCache = [];
+    validOriginsPromise = undefined;
 }
 prefetchOriginsFromCDN();
 
@@ -11287,7 +11316,7 @@ function messageChannels_isSupported() {
  * @internal
  * Limited to Microsoft-internal use
  */
-const nestedAppAuthBridge_version = '1.0.0';
+const nestedAppAuthBridge_version = '1.0.1';
 /**
  * Bridge handlers used for processing messages.
  */
@@ -11433,11 +11462,6 @@ function nestedAppAuthBridge_processAuthBridgeMessage(evt, onMessageReceived) {
     onMessageReceived(message);
 }
 function nestedAppAuthBridge_shouldProcessIncomingMessage(messageSource, messageOrigin) {
-    // Reject messages if they are not from the top window
-    if (messageSource && messageSource !== window.top) {
-        log('Should not process message because it is not coming from the top window');
-        return false;
-    }
     // Check if messageOrigin matches topOriginForNAA
     if (messageOrigin === topOriginForNAA) {
         try {