@microsoft/teams-js 2.48.1 → 2.49.0-beta.0

package/dist/esm/packages/teams-js/dts/internal/constants.d.ts

@@ -120,14 +120,6 @@ export declare const ORIGIN_LIST_FETCH_TIMEOUT_IN_MS: number;
  * Limited to Microsoft-internal use
  */
 export declare const validOriginsCdnEndpoint: URL;
-/**
- * @hidden
- * USer specified message origins should satisfy this test
- *
- * @internal
- * Limited to Microsoft-internal use
- */
-export declare const userOriginUrlValidationRegExp: RegExp;
 /**
  * @hidden
  * The protocol used for deep links into Teams

package/dist/esm/packages/teams-js/dts/internal/urlPattern.d.ts

@@ -0,0 +1,47 @@
+import { Debugger } from 'debug/src/browser';
+/**
+ * @hidden
+ * @internal
+ * Limited to Microsoft-internal use.
+ *
+ * Implementation of URL pattern matching logic for validating origins against a list of allowed patterns.
+ */
+export interface URLVerifier {
+    /**
+     * Checks if the given URL matches the pattern defined in the implementation.
+     * @param url - The URL to test against the pattern.
+     * @returns - True if the URL matches the pattern, false otherwise.
+     */
+    test: (url: URL) => boolean;
+}
+/**
+ * @param pattern - reference pattern
+ * @param host - candidate string
+ * @returns returns true if host matches pre-know valid pattern
+ *
+ * @example
+ *    validateHostAgainstPattern('*.teams.microsoft.com', 'subdomain.teams.microsoft.com') returns true
+ *    validateHostAgainstPattern('teams.microsoft.com', 'team.microsoft.com') returns false
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+export declare function validateHostAgainstPattern(pattern: string, host: string): boolean;
+/**
+ * @hidden
+ * @internal
+ * Limited to Microsoft-internal use.
+ *
+ * Checks if the provided pattern is valid for checking against URLs.
+ * @param pattern - The pattern to validate.
+ * @returns - True if the pattern is valid, false otherwise.
+ */
+export declare function isValidPatternUrl(pattern: string): boolean;
+/**
+ * @hidden
+ * @internal
+ * Limited to Microsoft-internal use.
+ *
+ * Creates a URL verifier based on the provided pattern.
+ */
+export declare function createURLVerifier(pattern: string, logger: Debugger): URLVerifier | undefined;

package/dist/esm/packages/teams-js/dts/public/app/app.d.ts

@@ -517,7 +517,7 @@ export declare function getFrameContext(): FrameContexts | undefined;
  * @param validMessageOrigins - Optionally specify a list of cross-frame message origins. This parameter is used if you know that your app
  * will be hosted on a custom domain (i.e., not a standard Microsoft 365 host like Teams, Outlook, etc.) Most apps will never need
  * to pass a value for this parameter.
- * Any domains passed in the array must have the https: protocol on the string otherwise they will be ignored. Example: https://www.example.com
+ * Any domains passed in the array must define a scheme to be able to be processed. Examples: https://www.example.com, chrome://
  * @returns Promise that will be fulfilled when initialization has completed, or rejected if the initialization fails or times out
  */
 export declare function initialize(validMessageOrigins?: string[]): Promise<void>;

package/dist/esm/packages/teams-js/dts/public/stageView/stageView.d.ts

@@ -20,7 +20,7 @@ export interface StageViewParams {
     /**
      * The chat or channel ID.
      */
-    threadId: string;
+    threadId?: string;
     /**
      * The messageId identifies a particular channel meeting within the channel as specified by the threadId above. This should be used only when trying to open the stage view for a channel meeting. It will be a no-op for other scenarios
      */

package/dist/esm/packages/teams-js/src/internal/constants.js

@@ -1 +1 @@
-import*as t from"../artifactsForCDN/validDomains.json.js";const i="2.0.1",s="2.0.2",e="2.0.3",n="2.0.4",o="2.0.1",a="1.9.0",r="2.0.0",m="1.7.0",l="1.8.0",d="2.0.0",h="1.9.0",p=t.validOrigins,c=1500,f=new URL("https://res.cdn.office.net/teams-js/validDomains/json/validDomains.json"),j=/^https:\/\//,v="https",y="teams.microsoft.com",D="The library has not yet been initialized",T="The runtime has not yet been initialized",b="The runtime version is not supported",u="The call was not properly started";export{c as ORIGIN_LIST_FETCH_TIMEOUT_IN_MS,m as captureImageMobileSupportVersion,i as defaultSDKVersionForCompatCheck,u as errorCallNotStarted,D as errorLibraryNotInitialized,T as errorRuntimeNotInitialized,b as errorRuntimeNotSupported,d as getMediaCallbackSupportVersion,o as getUserJoinedTeamsSupportedAndroidClientVersion,n as imageOutputFormatsAPISupportVersion,a as locationAPIsRequiredVersion,l as mediaAPISupportVersion,e as nonFullScreenVideoModeAPISupportVersion,r as peoplePickerRequiredVersion,h as scanBarCodeAPIMobileSupportVersion,y as teamsDeepLinkHost,v as teamsDeepLinkProtocol,j as userOriginUrlValidationRegExp,f as validOriginsCdnEndpoint,p as validOriginsFallback,s as videoAndImageMediaAPISupportVersion};
+import*as i from"../artifactsForCDN/validDomains.json.js";const t="2.0.1",e="2.0.2",s="2.0.3",n="2.0.4",o="2.0.1",a="1.9.0",r="2.0.0",m="1.7.0",l="1.8.0",d="2.0.0",h="1.9.0",p=i.validOrigins,c=1500,f=new URL("https://res.cdn.office.net/teams-js/validDomains/json/validDomains.json"),j="https",v="teams.microsoft.com",y="The library has not yet been initialized",D="The runtime has not yet been initialized",T="The runtime version is not supported",b="The call was not properly started";export{c as ORIGIN_LIST_FETCH_TIMEOUT_IN_MS,m as captureImageMobileSupportVersion,t as defaultSDKVersionForCompatCheck,b as errorCallNotStarted,y as errorLibraryNotInitialized,D as errorRuntimeNotInitialized,T as errorRuntimeNotSupported,d as getMediaCallbackSupportVersion,o as getUserJoinedTeamsSupportedAndroidClientVersion,n as imageOutputFormatsAPISupportVersion,a as locationAPIsRequiredVersion,l as mediaAPISupportVersion,s as nonFullScreenVideoModeAPISupportVersion,r as peoplePickerRequiredVersion,h as scanBarCodeAPIMobileSupportVersion,v as teamsDeepLinkHost,j as teamsDeepLinkProtocol,f as validOriginsCdnEndpoint,p as validOriginsFallback,e as videoAndImageMediaAPISupportVersion};

package/dist/esm/packages/teams-js/src/internal/internalAPIs.js

@@ -1 +1 @@
-import{HostClientType as i}from"../public/constants.js";import{ErrorCode as t}from"../public/interfaces.js";import{isRuntimeInitialized as e}from"../public/runtime.js";import{defaultSDKVersionForCompatCheck as n,errorLibraryNotInitialized as o,userOriginUrlValidationRegExp as r}from"./constants.js";import{GlobalVars as l}from"./globalVars.js";import{getLogger as s}from"./telemetry.js";import{compareSDKVersions as a}from"./utils.js";const f=s("internal"),c=f.extend("ensureInitializeCalled"),d=f.extend("ensureInitialized");function p(){if(!l.initializeCalled)throw c(o),new Error(o)}function m(i,...t){if(!l.initializeCompleted)throw d("%s. initializeCalled: %s",o,l.initializeCalled.toString()),new Error(o);if(t&&t.length>0){let i=!1;for(let e=0;e<t.length;e++)if(t[e]===l.frameContext){i=!0;break}if(!i)throw new Error(`This call is only allowed in following contexts: ${JSON.stringify(t)}. Current context: "${l.frameContext}".`)}return e(i)}function u(i=n){const t=a(l.clientSupportedSDKVersion,i);return!isNaN(t)&&t>=0}function C(){return l.hostClientType==i.android||l.hostClientType==i.ios||l.hostClientType==i.ipados||l.hostClientType==i.visionOS}function h(i=n){if(!C()){throw{errorCode:t.NOT_SUPPORTED_ON_PLATFORM}}if(!u(i)){throw{errorCode:t.OLD_PLATFORM}}}function w(i){let t=l.additionalValidOrigins.concat(i.filter(i=>"string"==typeof i&&r.test(i)));const e={};t=t.filter(i=>!e[i]&&(e[i]=!0,!0)),l.additionalValidOrigins=t}export{p as ensureInitializeCalled,m as ensureInitialized,u as isCurrentSDKVersionAtLeast,C as isHostClientMobile,w as processAdditionalValidOrigins,h as throwExceptionIfMobileApiIsNotSupported};
+import{HostClientType as i}from"../public/constants.js";import{ErrorCode as t}from"../public/interfaces.js";import{isRuntimeInitialized as r}from"../public/runtime.js";import{defaultSDKVersionForCompatCheck as e,errorLibraryNotInitialized as n}from"./constants.js";import{GlobalVars as o}from"./globalVars.js";import{getLogger as l}from"./telemetry.js";import{isValidPatternUrl as s}from"./urlPattern.js";import{compareSDKVersions as a}from"./utils.js";const f=l("internal"),c=f.extend("ensureInitializeCalled"),d=f.extend("ensureInitialized");function m(){if(!o.initializeCalled)throw c(n),new Error(n)}function p(i,...t){if(!o.initializeCompleted)throw d("%s. initializeCalled: %s",n,o.initializeCalled.toString()),new Error(n);if(t&&t.length>0){let i=!1;for(let r=0;r<t.length;r++)if(t[r]===o.frameContext){i=!0;break}if(!i)throw new Error(`This call is only allowed in following contexts: ${JSON.stringify(t)}. Current context: "${o.frameContext}".`)}return r(i)}function u(i=e){const t=a(o.clientSupportedSDKVersion,i);return!isNaN(t)&&t>=0}function C(){return o.hostClientType==i.android||o.hostClientType==i.ios||o.hostClientType==i.ipados||o.hostClientType==i.visionOS}function h(i=e){if(!C()){throw{errorCode:t.NOT_SUPPORTED_ON_PLATFORM}}if(!u(i)){throw{errorCode:t.OLD_PLATFORM}}}function w(i){let t=o.additionalValidOrigins.concat(i.filter(i=>"string"==typeof i&&s(i)));const r={};t=t.filter(i=>!r[i]&&(r[i]=!0,!0)),o.additionalValidOrigins=t}export{m as ensureInitializeCalled,p as ensureInitialized,u as isCurrentSDKVersionAtLeast,C as isHostClientMobile,w as processAdditionalValidOrigins,h as throwExceptionIfMobileApiIsNotSupported};

package/dist/esm/packages/teams-js/src/internal/urlPattern.js

@@ -0,0 +1 @@
+const t=/^[A-Za-z][A-Za-z\d+.-]*:\/\//;function s(t,s){const n=t.substring(1);return t===s||"*."===t.substring(0,2)&&s.length>n.length&&s.split(".").length===n.split(".").length&&s.substring(s.length-n.length)===n}class n{constructor(t,s,n){this.protocol=t,this.host=s,this.logger=n}static canUse(s){return t.test(s)}static create(t,s){const e=t.split("://");return new n(e[0],e[1],s.extend("InternalURLPattern"))}test(t){return this.logger("Testing URL %s against pattern protocol: %s, host: %s",t,this.protocol,this.host),t.protocol===`${this.protocol}:`&&(!t.host||s(this.host,t.host))}}function e(t){return n.canUse(t)}function o(t,s){if(n.canUse(t))return n.create(t,s);s("No URL verifier available for pattern: %s",t)}export{o as createURLVerifier,e as isValidPatternUrl,s as validateHostAgainstPattern};

package/dist/esm/packages/teams-js/src/internal/validOrigins.js

@@ -1 +1 @@
-import{__awaiter as i}from"../../../../node_modules/.pnpm/@rollup_plugin-typescript@11.1.6_rollup@4.55.1_tslib@2.8.1_typescript@4.9.5/node_modules/tslib/tslib.es6.js";import{ORIGIN_LIST_FETCH_TIMEOUT_IN_MS as t,validOriginsCdnEndpoint as r,validOriginsFallback as n}from"./constants.js";import{GlobalVars as e}from"./globalVars.js";import{getLogger as o}from"./telemetry.js";import{inServerSideRenderingEnvironment as l,isValidHttpsURL as s}from"./utils.js";let a=[];const u=o("validateOrigin");let c;function f(){return i(this,void 0,void 0,function*(){c||(yield g())})}function d(){return 0===a.length}function g(e=!1){return i(this,void 0,void 0,function*(){if(!d()&&!e)return a;if(c)return c;if(l())return a=n,n;{u("Initiating fetch call to acquire valid origins list from CDN");const i=new AbortController,e=setTimeout(()=>i.abort(),t);return c=fetch(r,{signal:i.signal}).then(i=>{if(clearTimeout(e),!i.ok)throw new Error("Invalid Response from Fetch Call");return u("Fetch call completed and retrieved valid origins list from CDN"),i.json().then(i=>{if(function(i){let t=JSON.parse(i);try{t=JSON.parse(i)}catch(i){return!1}if(!t.validOrigins)return!1;for(const i of t.validOrigins)try{new URL("https://"+i)}catch(t){return u("isValidOriginsFromCDN call failed to validate origin: %s",i),!1}return!0}(JSON.stringify(i)))return a=i.validOrigins,a;throw new Error("Valid origins list retrieved from CDN is invalid")})}).catch(i=>("AbortError"===i.name?u(`validOrigins fetch call to CDN failed due to Timeout of ${t} ms. Defaulting to fallback list`):u("validOrigins fetch call to CDN failed with error: %s. Defaulting to fallback list",i),a=n,a)),c}})}function p(i,t){if("*."===i.substring(0,2)){const r=i.substring(1);if(t.length>r.length&&t.split(".").length===r.split(".").length&&t.substring(t.length-r.length)===r)return!0}else if(i===t)return!0;return!1}function h(i,t){const r=d()?n:a;return m(i,r)?Promise.resolve(!0):(u("Origin %s is not in the local valid origins list, fetching from CDN",i),g(t).then(t=>m(i,t)))}function m(i,t){if(!s(i))return u("Origin %s is invalid because it is not using https protocol. Protocol being used: %s",i,i.protocol),!1;const r=i.host;if(t.some(i=>p(i,r)))return!0;for(const i of e.additionalValidOrigins){if(p("https://"===i.substring(0,8)?i.substring(8):i,r))return!0}return u("Origin %s is invalid because it is not an origin approved by this library or included in the call to app.initialize.\nOrigins approved by this library: %o\nOrigins included in app.initialize: %o",i,t,e.additionalValidOrigins),!1}f();export{f as prefetchOriginsFromCDN,h as validateOrigin};
+import{__awaiter as i}from"../../../../node_modules/.pnpm/@rollup_plugin-typescript@11.1.6_rollup@4.55.1_tslib@2.8.1_typescript@4.9.5/node_modules/tslib/tslib.es6.js";import{ORIGIN_LIST_FETCH_TIMEOUT_IN_MS as t,validOriginsCdnEndpoint as r,validOriginsFallback as n}from"./constants.js";import{GlobalVars as o}from"./globalVars.js";import{getLogger as e}from"./telemetry.js";import{validateHostAgainstPattern as l,createURLVerifier as s}from"./urlPattern.js";import{inServerSideRenderingEnvironment as a,isValidHttpsURL as c}from"./utils.js";let u=[];const d=e("validateOrigin");let f;function g(){return i(this,void 0,void 0,function*(){f||(yield m())})}function p(){return 0===u.length}function m(o=!1){return i(this,void 0,void 0,function*(){if(!p()&&!o)return u;if(f)return f;if(a())return u=n,n;{d("Initiating fetch call to acquire valid origins list from CDN");const i=new AbortController,o=setTimeout(()=>i.abort(),t);return f=fetch(r,{signal:i.signal}).then(i=>{if(clearTimeout(o),!i.ok)throw new Error("Invalid Response from Fetch Call");return d("Fetch call completed and retrieved valid origins list from CDN"),i.json().then(i=>{if(function(i){let t=JSON.parse(i);try{t=JSON.parse(i)}catch(i){return!1}if(!t.validOrigins)return!1;for(const i of t.validOrigins)try{new URL("https://"+i)}catch(t){return d("isValidOriginsFromCDN call failed to validate origin: %s",i),!1}return!0}(JSON.stringify(i)))return u=i.validOrigins,u;throw new Error("Valid origins list retrieved from CDN is invalid")})}).catch(i=>("AbortError"===i.name?d(`validOrigins fetch call to CDN failed due to Timeout of ${t} ms. Defaulting to fallback list`):d("validOrigins fetch call to CDN failed with error: %s. Defaulting to fallback list",i),u=n,u)),f}})}function h(i,t){let r;try{const t=s(i,d);if(!t)return!1;r=t}catch(i){return!1}return r.test(t)}function v(i,t){const r=p()?n:u;return O(i,r)?Promise.resolve(!0):(d("Origin %s is not in the local valid origins list, fetching from CDN",i),m(t).then(t=>O(i,t)))}function O(i,t){for(const t of o.additionalValidOrigins)if(h(t,i))return!0;const r=i.host;return c(i)?!!t.some(i=>l(i,r))||(d("Origin %s is invalid because it is not an origin approved by this library or included in the call to app.initialize.\nOrigins approved by this library: %o\nOrigins included in app.initialize: %o",i,t,o.additionalValidOrigins),!1):(d("Origin %s is invalid because it is not using https protocol. Protocol being used: %s",i,i.protocol),!1)}g();export{g as prefetchOriginsFromCDN,v as validateOrigin};

package/dist/esm/packages/teams-js/src/public/version.js

@@ -1 +1 @@
-const o="2.48.1";export{o as version};
+const t="2.49.0-beta.0";export{t as version};

package/dist/umd/MicrosoftTeams.js

@@ -2429,14 +2429,6 @@ const ORIGIN_LIST_FETCH_TIMEOUT_IN_MS = 1500;
  * Limited to Microsoft-internal use
  */
 const validOriginsCdnEndpoint = new URL('https://res.cdn.office.net/teams-js/validDomains/json/validDomains.json');
-/**
- * @hidden
- * USer specified message origins should satisfy this test
- *
- * @internal
- * Limited to Microsoft-internal use
- */
-const userOriginUrlValidationRegExp = /^https:\/\//;
 /**
  * @hidden
  * The protocol used for deep links into Teams
@@ -4677,7 +4669,7 @@ function isSerializable(arg) {
  * @hidden
  *  Package version.
  */
-const version = "2.48.1";
+const version = "2.49.0-beta.0";
 
 ;// ./src/public/featureFlags.ts
 // All build feature flags are defined inside this object. Any build feature flag must have its own unique getter and setter function. This pattern allows for client apps to treeshake unused code and avoid including code guarded by this feature flags in the final bundle. If this property isn't desired, use the below runtime feature flags object.
@@ -4810,6 +4802,92 @@ function flushMessageQueue(targetWindow, targetOrigin, targetMessageQueue, targe
     }
 }
 
+;// ./src/internal/urlPattern.ts
+/**
+ * Regex for validating that a user-provided origin includes a protocol.
+ */
+const userOriginUrlValidationRegExp = /^[A-Za-z][A-Za-z\d+.-]*:\/\//;
+/**
+ * @param pattern - reference pattern
+ * @param host - candidate string
+ * @returns returns true if host matches pre-know valid pattern
+ *
+ * @example
+ *    validateHostAgainstPattern('*.teams.microsoft.com', 'subdomain.teams.microsoft.com') returns true
+ *    validateHostAgainstPattern('teams.microsoft.com', 'team.microsoft.com') returns false
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+function validateHostAgainstPattern(pattern, host) {
+    const suffix = pattern.substring(1);
+    return (pattern === host ||
+        (pattern.substring(0, 2) === '*.' &&
+            host.length > suffix.length &&
+            host.split('.').length === suffix.split('.').length &&
+            host.substring(host.length - suffix.length) === suffix));
+}
+/**
+ * @hidden
+ * @internal
+ * Limited to Microsoft-internal use.
+ *
+ * Internal class when widely-available URLPattern is not available.
+ */
+class InternalURLPattern {
+    constructor(protocol, host, logger) {
+        this.protocol = protocol;
+        this.host = host;
+        this.logger = logger;
+    }
+    /**
+     * Checks if InternalURLPattern can be used with the provided pattern.
+     */
+    static canUse(pattern) {
+        return userOriginUrlValidationRegExp.test(pattern);
+    }
+    /**
+     * Creates an instance of InternalURLPattern with the provided pattern and logger.
+     */
+    static create(pattern, logger) {
+        const splitPattern = pattern.split('://');
+        return new InternalURLPattern(splitPattern[0], splitPattern[1], logger.extend('InternalURLPattern'));
+    }
+    /**
+     * Tests the URL against the pattern.
+     */
+    test(url) {
+        this.logger('Testing URL %s against pattern protocol: %s, host: %s', url, this.protocol, this.host);
+        return url.protocol === `${this.protocol}:` && (!url.host || validateHostAgainstPattern(this.host, url.host));
+    }
+}
+/**
+ * @hidden
+ * @internal
+ * Limited to Microsoft-internal use.
+ *
+ * Checks if the provided pattern is valid for checking against URLs.
+ * @param pattern - The pattern to validate.
+ * @returns - True if the pattern is valid, false otherwise.
+ */
+function isValidPatternUrl(pattern) {
+    return InternalURLPattern.canUse(pattern);
+}
+/**
+ * @hidden
+ * @internal
+ * Limited to Microsoft-internal use.
+ *
+ * Creates a URL verifier based on the provided pattern.
+ */
+function createURLVerifier(pattern, logger) {
+    if (InternalURLPattern.canUse(pattern)) {
+        return InternalURLPattern.create(pattern, logger);
+    }
+    logger('No URL verifier available for pattern: %s', pattern);
+    return undefined;
+}
+
 ;// ./src/internal/internalAPIs.ts
 
 
@@ -4818,6 +4896,7 @@ function flushMessageQueue(targetWindow, targetOrigin, targetMessageQueue, targe
 
 
 
+
 const internalLogger = getLogger('internal');
 const ensureInitializeCalledLogger = internalLogger.extend('ensureInitializeCalled');
 const ensureInitializedLogger = internalLogger.extend('ensureInitialized');
@@ -4927,7 +5006,7 @@ function throwExceptionIfMobileApiIsNotSupported(requiredVersion = defaultSDKVer
  */
 function processAdditionalValidOrigins(validMessageOrigins) {
     let combinedOriginUrls = GlobalVars.additionalValidOrigins.concat(validMessageOrigins.filter((_origin) => {
-        return typeof _origin === 'string' && userOriginUrlValidationRegExp.test(_origin);
+        return typeof _origin === 'string' && isValidPatternUrl(_origin);
     }));
     const dedupUrls = {};
     combinedOriginUrls = combinedOriginUrls.filter((_originUrl) => {
@@ -5403,7 +5482,7 @@ logWhereTeamsJsIsBeingUsed();
  * @param validMessageOrigins - Optionally specify a list of cross-frame message origins. This parameter is used if you know that your app
  * will be hosted on a custom domain (i.e., not a standard Microsoft 365 host like Teams, Outlook, etc.) Most apps will never need
  * to pass a value for this parameter.
- * Any domains passed in the array must have the https: protocol on the string otherwise they will be ignored. Example: https://www.example.com
+ * Any domains passed in the array must define a scheme to be able to be processed. Examples: https://www.example.com, chrome://
  * @returns Promise that will be fulfilled when initialization has completed, or rejected if the initialization fails or times out
  */
 function initialize(validMessageOrigins) {
@@ -6756,6 +6835,7 @@ var validOrigins_awaiter = (undefined && undefined.__awaiter) || function (thisA
 
 
 
+
 let validOriginsCache = [];
 const validateOriginLogger = getLogger('validateOrigin');
 let validOriginsPromise;
@@ -6840,30 +6920,23 @@ function isValidOriginsJSONValid(validOriginsJSON) {
     return true;
 }
 /**
+ * Validates the origin against the full pattern including protocol and hostname.
  * @param pattern - reference pattern
- * @param host - candidate string
- * @returns returns true if host matches pre-know valid pattern
- *
- * @example
- *    validateHostAgainstPattern('*.teams.microsoft.com', 'subdomain.teams.microsoft.com') returns true
- *    validateHostAgainstPattern('teams.microsoft.com', 'team.microsoft.com') returns false
- *
- * @internal
- * Limited to Microsoft-internal use
+ * @param origin - candidate URL object
  */
-function validateHostAgainstPattern(pattern, host) {
-    if (pattern.substring(0, 2) === '*.') {
-        const suffix = pattern.substring(1);
-        if (host.length > suffix.length &&
-            host.split('.').length === suffix.split('.').length &&
-            host.substring(host.length - suffix.length) === suffix) {
-            return true;
+function validateOriginAgainstFullPattern(pattern, origin) {
+    let patternUrl;
+    try {
+        const createdURLVerifier = createURLVerifier(pattern, validateOriginLogger);
+        if (!createdURLVerifier) {
+            return false;
         }
+        patternUrl = createdURLVerifier;
     }
-    else if (pattern === host) {
-        return true;
+    catch (_a) {
+        return false;
     }
-    return false;
+    return patternUrl.test(origin);
 }
 /**
  * @internal
@@ -6875,29 +6948,25 @@ function validateOrigin(messageOrigin, disableCache) {
     if (validateOriginWithValidOriginsList(messageOrigin, localList)) {
         return Promise.resolve(true);
     }
-    else {
-        validateOriginLogger('Origin %s is not in the local valid origins list, fetching from CDN', messageOrigin);
-        return getValidOriginsListFromCDN(disableCache).then((validOriginsList) => {
-            return validateOriginWithValidOriginsList(messageOrigin, validOriginsList);
-        });
-    }
+    validateOriginLogger('Origin %s is not in the local valid origins list, fetching from CDN', messageOrigin);
+    return getValidOriginsListFromCDN(disableCache).then((validOriginsList) => validateOriginWithValidOriginsList(messageOrigin, validOriginsList));
 }
 function validateOriginWithValidOriginsList(messageOrigin, validOriginsList) {
-    // Check whether the url is in the pre-known allowlist or supplied by user
+    // User provided additional valid origins take precedence as they do not require https protocol
+    for (const domainOrPattern of GlobalVars.additionalValidOrigins) {
+        if (validateOriginAgainstFullPattern(domainOrPattern, messageOrigin)) {
+            return true;
+        }
+    }
+    const messageOriginHost = messageOrigin.host;
+    // For standard valid origins, only allow https protocol
     if (!isValidHttpsURL(messageOrigin)) {
         validateOriginLogger('Origin %s is invalid because it is not using https protocol. Protocol being used: %s', messageOrigin, messageOrigin.protocol);
         return false;
     }
-    const messageOriginHost = messageOrigin.host;
     if (validOriginsList.some((pattern) => validateHostAgainstPattern(pattern, messageOriginHost))) {
         return true;
     }
-    for (const domainOrPattern of GlobalVars.additionalValidOrigins) {
-        const pattern = domainOrPattern.substring(0, 8) === 'https://' ? domainOrPattern.substring(8) : domainOrPattern;
-        if (validateHostAgainstPattern(pattern, messageOriginHost)) {
-            return true;
-        }
-    }
     validateOriginLogger('Origin %s is invalid because it is not an origin approved by this library or included in the call to app.initialize.\nOrigins approved by this library: %o\nOrigins included in app.initialize: %o', messageOrigin, validOriginsList, GlobalVars.additionalValidOrigins);
     return false;
 }