@ozura/elements 1.3.1-next.66 → 1.3.1

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2025 Ozura 
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2025 Ozura 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/frame/element-frame.html

@@ -17,6 +17,6 @@
   </style>
 </head>
 <body>
-  <script src="./element-frame.js"></script>
+  <script src="./element-frame.js" integrity="sha384-xpV1wS1ZIxuDGHUg8WQAbQr94m8oGwI4CutCvD37d7sacy9sRmi4CA/EU62Mrd2I" crossorigin="anonymous"></script>
 </body>
 </html>

package/dist/frame/element-frame.js

@@ -920,4 +920,3 @@ var _OzElementFrame = (function (exports) {
     return exports;
 
 })({});
-//# sourceMappingURL=element-frame.js.map

package/dist/frame/tokenizer-frame.html

@@ -2,10 +2,10 @@
 <html lang="en">
 <head>
   <meta charset="UTF-8" />
-  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; connect-src https://pci-vault-staging-drc0duhcakf4g4fr.eastus-01.azurewebsites.net; base-uri 'none'; form-action 'none';" />
+  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; connect-src https://api.ozuravault.com; base-uri 'none'; form-action 'none';" />
   <title>Ozura Tokenizer</title>
 </head>
 <body>
-  <script src="./tokenizer-frame.js"></script>
+  <script src="./tokenizer-frame.js" integrity="sha384-jKzyFta4CjrMb8YW6wX9/MzSUp55uqUytZeya/g55SgF9IvsJ39Jveh4AhwszApc" crossorigin="anonymous"></script>
 </body>
 </html>

package/dist/frame/tokenizer-frame.js

@@ -38,13 +38,13 @@ var _OzTokenizerFrame = (function (exports) {
      * assembles the vault tokenization payload, and POSTs it directly to the
      * vault API. The merchant page never sees raw card data.
      *
-     * The vault URL is determined by "https://pci-vault-staging-drc0duhcakf4g4fr.eastus-01.azurewebsites.net", injected at build time.
+     * The vault URL is determined by "https://api.ozuravault.com", injected at build time.
      * The tokenizer ignores any apiUrl sent by the SDK in OZ_TOKENIZE messages —
      * an attacker who XSSes the merchant page cannot redirect where card data is
      * sent because the destination is hardcoded in this Ozura-controlled bundle.
      */
     var _a;
-    const VAULT_API_URL = "https://pci-vault-staging-drc0duhcakf4g4fr.eastus-01.azurewebsites.net";
+    const VAULT_API_URL = "https://api.ozuravault.com";
     /**
      * Validates and normalises a `parentOrigin` value supplied via URL hash params.
      *
@@ -610,4 +610,3 @@ var _OzTokenizerFrame = (function (exports) {
     return exports;
 
 })({});
-//# sourceMappingURL=tokenizer-frame.js.map

package/dist/oz-elements.esm.js

@@ -1077,7 +1077,7 @@ function isBankAccountMetadata(v) {
     const r = v;
     return typeof r.last4 === 'string' && typeof r.routingNumberLast4 === 'string';
 }
-const DEFAULT_FRAME_BASE_URL = "https://lively-hill-097170c0f.4.azurestaticapps.net";
+const DEFAULT_FRAME_BASE_URL = "https://elements.ozura.com";
 /**
  * The main entry point for OzElements. Creates and manages iframe-based
  * card input elements that keep raw card data isolated from the merchant page.
@@ -2218,8 +2218,11 @@ class OzVault {
             // "Wax key expired") while explicitly excluding card-level validation
             // errors (e.g. "Card has expired", "Card expiry date invalid") that share
             // the 'expired' keyword but should NOT trigger a session refresh.
+            // Use a word-boundary regex (\bcard\b) rather than includes('card') to
+            // avoid false matches on words containing "card" as a substring
+            // (e.g. "discarded", "discarding").
             return (msg.includes('wax') ||
-                (msg.includes('expired') && !msg.includes('card')) ||
+                (msg.includes('expired') && !/\bcard\b/.test(msg)) ||
                 msg.includes('consumed') ||
                 msg.includes('invalid key') ||
                 msg.includes('key not found') ||
@@ -2278,4 +2281,3 @@ class OzVault {
 _OzVault_waxKey = new WeakMap();
 
 export { OzElement, OzError, OzVault, createSessionFetcher as createFetchWaxKey, createSessionFetcher, normalizeBankVaultError, normalizeCardSaleError, normalizeVaultError };
-//# sourceMappingURL=oz-elements.esm.js.map

package/dist/oz-elements.umd.js

@@ -1083,7 +1083,7 @@
         const r = v;
         return typeof r.last4 === 'string' && typeof r.routingNumberLast4 === 'string';
     }
-    const DEFAULT_FRAME_BASE_URL = "https://lively-hill-097170c0f.4.azurestaticapps.net";
+    const DEFAULT_FRAME_BASE_URL = "https://elements.ozura.com";
     /**
      * The main entry point for OzElements. Creates and manages iframe-based
      * card input elements that keep raw card data isolated from the merchant page.
@@ -2224,8 +2224,11 @@
                 // "Wax key expired") while explicitly excluding card-level validation
                 // errors (e.g. "Card has expired", "Card expiry date invalid") that share
                 // the 'expired' keyword but should NOT trigger a session refresh.
+                // Use a word-boundary regex (\bcard\b) rather than includes('card') to
+                // avoid false matches on words containing "card" as a substring
+                // (e.g. "discarded", "discarding").
                 return (msg.includes('wax') ||
-                    (msg.includes('expired') && !msg.includes('card')) ||
+                    (msg.includes('expired') && !/\bcard\b/.test(msg)) ||
                     msg.includes('consumed') ||
                     msg.includes('invalid key') ||
                     msg.includes('key not found') ||
@@ -2293,4 +2296,3 @@
     exports.normalizeVaultError = normalizeVaultError;
 
 }));
-//# sourceMappingURL=oz-elements.umd.js.map

package/dist/react/index.cjs.js

@@ -1027,7 +1027,7 @@ function isBankAccountMetadata(v) {
     const r = v;
     return typeof r.last4 === 'string' && typeof r.routingNumberLast4 === 'string';
 }
-const DEFAULT_FRAME_BASE_URL = "https://lively-hill-097170c0f.4.azurestaticapps.net";
+const DEFAULT_FRAME_BASE_URL = "https://elements.ozura.com";
 /**
  * The main entry point for OzElements. Creates and manages iframe-based
  * card input elements that keep raw card data isolated from the merchant page.
@@ -2168,8 +2168,11 @@ class OzVault {
             // "Wax key expired") while explicitly excluding card-level validation
             // errors (e.g. "Card has expired", "Card expiry date invalid") that share
             // the 'expired' keyword but should NOT trigger a session refresh.
+            // Use a word-boundary regex (\bcard\b) rather than includes('card') to
+            // avoid false matches on words containing "card" as a substring
+            // (e.g. "discarded", "discarding").
             return (msg.includes('wax') ||
-                (msg.includes('expired') && !msg.includes('card')) ||
+                (msg.includes('expired') && !/\bcard\b/.test(msg)) ||
                 msg.includes('consumed') ||
                 msg.includes('invalid key') ||
                 msg.includes('key not found') ||