@ozura/elements 1.3.0 → 1.3.1-next.67

package/dist/react/index.esm.js

@@ -1025,7 +1025,7 @@ function isBankAccountMetadata(v) {
     const r = v;
     return typeof r.last4 === 'string' && typeof r.routingNumberLast4 === 'string';
 }
-const DEFAULT_FRAME_BASE_URL = "https://elements.ozura.com";
+const DEFAULT_FRAME_BASE_URL = "https://lively-hill-097170c0f.4.azurestaticapps.net";
 /**
  * The main entry point for OzElements. Creates and manages iframe-based
  * card input elements that keep raw card data isolated from the merchant page.
@@ -1669,6 +1669,7 @@ class OzVault {
             const hiddenMs = this._hiddenAt !== null ? Date.now() - this._hiddenAt : 0;
             const willRefresh = (this._hiddenAt !== null &&
                 hiddenMs >= REFRESH_THRESHOLD_MS &&
+                this.tokenizerReady &&
                 Boolean(this._storedFetchWaxKey) &&
                 !this._tokenizing &&
                 !this._waxRefreshing);
@@ -2161,8 +2162,15 @@ class OzVault {
             // names the wax/tokenization session mechanism. A bare "session" match
             // was too broad — any message mentioning "session" (e.g. a merchant
             // session field error) would trigger a spurious re-mint.
+            // Match wax-key/session expiry messages (e.g. "Token has expired",
+            // "Wax key expired") while explicitly excluding card-level validation
+            // errors (e.g. "Card has expired", "Card expiry date invalid") that share
+            // the 'expired' keyword but should NOT trigger a session refresh.
+            // Use a word-boundary regex (\bcard\b) rather than includes('card') to
+            // avoid false matches on words containing "card" as a substring
+            // (e.g. "discarded", "discarding").
             return (msg.includes('wax') ||
-                msg.includes('expired') ||
+                (msg.includes('expired') && !/\bcard\b/.test(msg)) ||
                 msg.includes('consumed') ||
                 msg.includes('invalid key') ||
                 msg.includes('key not found') ||
@@ -2252,6 +2260,16 @@ function OzElements({ sessionUrl, getSessionKey, fetchWaxKey, pubKey, frameBaseU
     // Priority mirrors OzVault.create(): sessionUrl > getSessionKey > fetchWaxKey.
     const getSessionKeyRef = useRef(getSessionKey !== null && getSessionKey !== void 0 ? getSessionKey : fetchWaxKey);
     getSessionKeyRef.current = getSessionKey !== null && getSessionKey !== void 0 ? getSessionKey : fetchWaxKey;
+    // Capture session-scoped options via refs so that runtime changes (e.g.
+    // toggling debug mode or adjusting session limits) don't destroy and recreate
+    // the vault mid-checkout. These values are only consumed at vault creation time;
+    // the vault ignores updates to them after initialization anyway.
+    const debugRef = useRef(debug);
+    debugRef.current = debug;
+    const sessionLimitRef = useRef(sessionLimit);
+    sessionLimitRef.current = sessionLimit;
+    const maxTokenizeCallsRef = useRef(maxTokenizeCalls);
+    maxTokenizeCallsRef.current = maxTokenizeCalls;
     const appearanceKey = useMemo(() => appearance ? JSON.stringify(appearance) : '', [appearance]);
     const fontsKey = useMemo(() => fonts ? JSON.stringify(fonts) : '', [fonts]);
     useEffect(() => {
@@ -2308,8 +2326,8 @@ function OzElements({ sessionUrl, getSessionKey, fetchWaxKey, pubKey, frameBaseU
                 var _a;
                 Promise.resolve().then(() => setTokenizeCount(0));
                 (_a = onWaxRefreshRef.current) === null || _a === void 0 ? void 0 : _a.call(onWaxRefreshRef);
-            }, onReady: () => { var _a; return (_a = onReadyRef.current) === null || _a === void 0 ? void 0 : _a.call(onReadyRef); } }), (sessionLimit !== undefined ? { sessionLimit }
-            : maxTokenizeCalls !== undefined ? { maxTokenizeCalls } : {})), (debug ? { debug: true } : {})), abortController.signal).then(v => {
+            }, onReady: () => { var _a; return (_a = onReadyRef.current) === null || _a === void 0 ? void 0 : _a.call(onReadyRef); } }), (sessionLimitRef.current !== undefined ? { sessionLimit: sessionLimitRef.current }
+            : maxTokenizeCallsRef.current !== undefined ? { maxTokenizeCalls: maxTokenizeCallsRef.current } : {})), (debugRef.current ? { debug: true } : {})), abortController.signal).then(v => {
             if (cancelled) {
                 v.destroy();
                 return;
@@ -2342,7 +2360,11 @@ function OzElements({ sessionUrl, getSessionKey, fetchWaxKey, pubKey, frameBaseU
             setVault(null);
             setInitError(null);
         };
-    }, [pubKey, sessionUrl, frameBaseUrl, loadTimeoutMs, appearanceKey, fontsKey, sessionLimit, maxTokenizeCalls, debug]);
+        // debug, sessionLimit, and maxTokenizeCalls are intentionally excluded from
+        // this dep array — they are captured via refs above and do not need to
+        // recreate the vault when changed after mount.
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, [pubKey, sessionUrl, frameBaseUrl, loadTimeoutMs, appearanceKey, fontsKey]);
     const notifyMount = useCallback(() => setMountedCount(n => n + 1), []);
     const notifyReady = useCallback(() => setReadyCount(n => n + 1), []);
     const notifyUnmount = useCallback(() => {