App-supplied authorization hook for BYOD source URLs. Runs inside
addByodSource AFTER the built-in scheme / size / timeout policy and BEFORE
the network fetch. Return { valid: true } to allow the fetch or
{ valid: false, reason } to block it (see ByodSourceUrlValidation).
May be sync or async — e.g. an allowlist lookup.
The toolkit can't enforce SSRF guarantees the host itself can't, so it leaves
the URL surface open by default; this hook lets a deployment add its own
policy — refuse cloud-metadata endpoints (169.254.169.254), restrict to
known hosts, etc. — without the SDK prescribing one for everyone. Configure
via the byod.validateSourceUrl option on createMapAgent, or assign
state.byod.sourceUrlValidator directly.
App-supplied authorization hook for BYOD source URLs. Runs inside
addByodSourceAFTER the built-in scheme / size / timeout policy and BEFORE the network fetch. Return{ valid: true }to allow the fetch or{ valid: false, reason }to block it (see ByodSourceUrlValidation). May be sync or async — e.g. an allowlist lookup.The toolkit can't enforce SSRF guarantees the host itself can't, so it leaves the URL surface open by default; this hook lets a deployment add its own policy — refuse cloud-metadata endpoints (
169.254.169.254), restrict to known hosts, etc. — without the SDK prescribing one for everyone. Configure via thebyod.validateSourceUrloption oncreateMapAgent, or assignstate.byod.sourceUrlValidatordirectly.