Revert serviceUrl allowlist (ADO 5310460)

[corinagum]

Summary

Reverting the serviceUrl allowlist defense-in-depth feature before public release. Open design questions on the work item (default sovereign cloud domains, narrowing of *.botframework.com, applying to proactive ConversationReferences, consultation with APX) should be resolved before this becomes part of the public API surface.

This feature has not shipped in any release. Removing the public AdditionalAllowedDomains option is a breaking change for anyone building from main, which is not ideal but acceptable since no release has been cut. Reverting now buys time to discuss without breaking customers later.

Removed

• ServiceUrlValidator class and ServiceUrlValidatorTests
• AppOptions.AdditionalAllowedDomains, App._additionalAllowedDomains field, related warn log, and the IsAllowed check in App.Process
• TeamsSettings.AdditionalAllowedDomains and its Apply() assignment
• CloudEnvironment.AllowedServiceUrls property, per-cloud entries (Public/USGov/USGovDoD/China), constructor parameter, and WithOverrides parameter

Preserved (other security work bundled into PR #418)

• DevTools production guard (DevToolsPlugin, TeamsValidationSettings)

Preserved (sovereign cloud, separate work)

CloudEnvironment presets, WithOverrides, FromName, AppOptions.Cloud, and the per-cloud Bots.Token.ActiveBotScope / ActiveGraphScope / TokenServiceUrl wiring in App are unchanged.

Note on related open PRs

PR #450 (Tighten AdditionalAllowedDomains API contract) and PR #413 (sovereign cloud next/core, which carries this plumbing) are intentionally left open for separate decisions.

Test plan

• dotnet build clean (0 errors, 5 unrelated pre-existing warnings)
• dotnet test net10.0 passes (net8.0 testhost aborted on local machine due to missing SDK, environmental, not code)
• Smoke test: Samples/Samples.Echo starts and binds to port

[Copilot]

Pull request overview

Reverts the previously introduced serviceUrl allowlist/validator feature prior to public release, removing the related public API/config surface while keeping other security hardening work (per the PR description) separate.

Changes:

• Removes ServiceUrlValidator and its unit tests.
• Removes AdditionalAllowedDomains from AppOptions and TeamsSettings, and deletes the inbound ServiceUrl allowlist enforcement in App.Process.
• Removes CloudEnvironment.AllowedServiceUrls and the related constructor/WithOverrides plumbing.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
Tests/Microsoft.Teams.Apps.Tests/ServiceUrlValidatorTests.cs	Deletes unit tests for the reverted validator feature.
Libraries/Microsoft.Teams.Extensions/Microsoft.Teams.Extensions.Configuration/Microsoft.Teams.Apps.Extensions/TeamsSettings.cs	Removes config binding/apply support for AdditionalAllowedDomains.
Libraries/Microsoft.Teams.Apps/ServiceUrlValidator.cs	Deletes the validator implementation.
Libraries/Microsoft.Teams.Apps/AppOptions.cs	Removes the public AdditionalAllowedDomains option from the app options surface.
Libraries/Microsoft.Teams.Apps/App.cs	Removes allowlist storage/warn log and the IsAllowed enforcement in request processing.
Libraries/Microsoft.Teams.Api/Auth/CloudEnvironment.cs	Removes AllowedServiceUrls and associated constructor/override parameters.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.