/**
 * Allowed domain suffixes for redirect targets. A redirect (either a 30x `Location` header or a
 * Live Metrics `x-ms-qps-service-endpoint-redirect-v2` header) is followed only when the current
 * host and the redirect target either match exactly or both live under one of these trusted Azure
 * Monitor / Application Insights suffixes. This prevents an attacker-controlled redirect from
 * causing the bearer auth policy to attach a fresh AAD token (and the telemetry body) to an
 * unrelated host.
 *
 * Mirrors `ALLOWED_REDIRECT_DOMAIN_SUFFIXES` in `@azure/monitor-opentelemetry-exporter`.
 * @internal
 */
export declare const ALLOWED_REDIRECT_DOMAIN_SUFFIXES: readonly string[];
/**
 * Return `true` if the redirect target is safe to follow.
 *
 * Used to gate redirects so an attacker-controlled redirect cannot cause the Live Metrics sender
 * (and its credential-bearing pipeline) to send telemetry — and a freshly-signed bearer token —
 * to an unrelated host.
 *
 * A redirect is permitted only when the target equals the currently configured host exactly, or
 * when both the current host and the redirect target are under one of the known Azure Monitor
 * ingestion host suffixes (see {@link ALLOWED_REDIRECT_DOMAIN_SUFFIXES}). Customers with a custom
 * (non-Azure) host will therefore not have server-issued cross-host redirects followed.
 *
 * @internal
 */
export declare function isSameRegisteredDomain(currentNetloc: string | undefined, redirectNetloc: string | undefined): boolean;
//# sourceMappingURL=redirectUtils.d.ts.map