Poison bridge on teardown instead of deleting

Mihaela Korte · Copilot · Mihaela Korte · commit bc6ddfc42e96 · 2026-05-14T10:30:36.000-07:00
After disableNestedAppAuth(), replace window.nestedAppAuthBridge with
a stub whose postMessage/addEventListener throw a clear error instead
of deleting the property. This prevents MSAL from silently falling
back to the broken popup redirect flow when the bridge is disabled.

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/src/NestedAppAuthBridge.ts b/src/NestedAppAuthBridge.ts
@@ -107,9 +107,25 @@ export async function initializeNestedAppAuthBridge(parentChannel: IXDMChannel):
 }
 
 /**
- * Tears down the NAA bridge by removing `window.nestedAppAuthBridge`.
- * Call this when the extension no longer needs NAA, or during cleanup in tests.
+ * Tears down the NAA bridge by replacing `window.nestedAppAuthBridge` with a
+ * poisoned stub whose methods throw clear errors. This ensures that:
+ * - Existing MSAL PCA instances get an explicit error on their next token call
+ *   (MSAL reads `window.nestedAppAuthBridge.postMessage` on every request).
+ * - New `createNestablePublicClientApplication` calls fail during bridge init
+ *   instead of silently falling back to the standard (broken) popup flow.
  */
 export function teardownNestedAppAuthBridge(): void {
-    delete (window as any).nestedAppAuthBridge;
+    const disabledError = "Nested App Authentication bridge has been disabled. Call enableNestedAppAuth() to re-enable.";
+
+    (window as any).nestedAppAuthBridge = {
+        postMessage(): void {
+            throw new Error(disabledError);
+        },
+        addEventListener(): void {
+            throw new Error(disabledError);
+        },
+        removeEventListener(): void {
+            // Allow silent removal — no harm in cleaning up listeners on a disabled bridge
+        }
+    };
 }
