URIValidator Class

Use Case

The code is making requests to a URL constructed using untrusted inputs, where an input is considered untrusted if it comes from user input or other services.

AND

The URL is expected to belong to a specific set of trusted domains, the Azure Storage domains, or the Azure Key Vault domains.

If you instead expect the domain to be in any domain or an untrusted domain, see AntiSSRFPolicy.

Definition

Provides static methods for validating the hostname and protocol of URLs.

Methods

Method Description
inAzureKeyVaultDomain(URL | string) Validates if a URL is an Azure Key Vault endpoint.
inAzureStorageDomain(URL | string) Validates if a URL is an Azure Storage endpoint.
inDomain(URL | string, string) Validates if a URL belongs to a trusted domain.
inDomain(URL | string, string[]) Validates if a URL belongs to any of a list of trusted domains.

Copyright © 2026 Microsoft Corporation. Distributed under the MIT license.