refactor: rename whitelisted_return_urls to allowed_return_urls (#…

…2299)

BREAKING CHANGE: Configuration key `selfservice.whitelisted_return_urls` has been renamed to `allowed_return_urls`.

cmd/serve/stub/kratos.yml

@@ -10,7 +10,7 @@ serve:
 
 selfservice:
   default_browser_return_url: http://127.0.0.1:4455/
-  whitelisted_return_urls:
+  allowed_return_urls:
     - http://127.0.0.1:4455
 
   methods:

contrib/quickstart/kratos/cloud/kratos.yml

@@ -12,7 +12,7 @@ serve:
 
 selfservice:
   default_browser_return_url: http://localhost:4455/ui/welcome
-  whitelisted_return_urls:
+  allowed_return_urls:
     - http://localhost:4455
 
   methods:

contrib/quickstart/kratos/email-password/kratos.yml

@@ -12,7 +12,7 @@ serve:
 
 selfservice:
   default_browser_return_url: http://127.0.0.1:4455/
-  whitelisted_return_urls:
+  allowed_return_urls:
     - http://127.0.0.1:4455
 
   methods:

driver/config/config.go

@@ -110,7 +110,7 @@ const (
 	ViperKeyCookiePath                                       = "cookies.path"
 	ViperKeySelfServiceStrategyConfig                        = "selfservice.methods"
 	ViperKeySelfServiceBrowserDefaultReturnTo                = "selfservice." + DefaultBrowserReturnURL
-	ViperKeyURLsWhitelistedReturnToDomains                   = "selfservice.whitelisted_return_urls"
+	ViperKeyURLsAllowedReturnToDomains                       = "selfservice.allowed_return_urls"
 	ViperKeySelfServiceRegistrationEnabled                   = "selfservice.flows.registration.enabled"
 	ViperKeySelfServiceRegistrationUI                        = "selfservice.flows.registration.ui_url"
 	ViperKeySelfServiceRegistrationRequestLifespan           = "selfservice.flows.registration.lifespan"
@@ -823,28 +823,28 @@ func (p *Config) SessionPersistentCookie() bool {
 	return p.p.Bool(ViperKeySessionPersistentCookie)
 }
 
-func (p *Config) SelfServiceBrowserWhitelistedReturnToDomains() (us []url.URL) {
-	src := p.p.Strings(ViperKeyURLsWhitelistedReturnToDomains)
+func (p *Config) SelfServiceBrowserAllowedReturnToDomains() (us []url.URL) {
+	src := p.p.Strings(ViperKeyURLsAllowedReturnToDomains)
 	for k, u := range src {
 		if len(u) == 0 {
 			continue
 		}
 
 		parsed, err := url.ParseRequestURI(u)
 		if err != nil {
-			p.l.WithError(err).Warnf("Ignoring URL \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsWhitelistedReturnToDomains, k)
+			p.l.WithError(err).Warnf("Ignoring URL \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsAllowedReturnToDomains, k)
 			continue
 		}
 		if parsed.Host == "*" {
-			p.l.Warnf("Ignoring wildcard \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsWhitelistedReturnToDomains, k)
+			p.l.Warnf("Ignoring wildcard \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsAllowedReturnToDomains, k)
 			continue
 		}
 		eTLD, icann := publicsuffix.PublicSuffix(parsed.Host)
 		if len(parsed.Host) > 0 &&
 			parsed.Host[:1] == "*" &&
 			icann &&
 			parsed.Host == fmt.Sprintf("*.%s", eTLD) {
-			p.l.Warnf("Ignoring wildcard \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsWhitelistedReturnToDomains, k)
+			p.l.Warnf("Ignoring wildcard \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsAllowedReturnToDomains, k)
 			continue
 		}
 

driver/config/config_test.go

@@ -64,7 +64,7 @@ func TestViperProvider(t *testing.T) {
 			assert.Equal(t, "http://public.kratos.ory.sh", p.SelfPublicURL().String())
 
 			var ds []string
-			for _, v := range p.SelfServiceBrowserWhitelistedReturnToDomains() {
+			for _, v := range p.SelfServiceBrowserAllowedReturnToDomains() {
 				ds = append(ds, v.String())
 			}
 

driver/config/stub/.kratos.yaml

@@ -49,7 +49,7 @@ ciphers:
 
 selfservice:
   default_browser_return_url: http://return-to-3-test.ory.sh/
-  whitelisted_return_urls:
+  allowed_return_urls:
     - http://return-to-1-test.ory.sh/
     - http://return-to-2-test.ory.sh/
     - http://*.wildcards.ory.sh

embedx/config.schema.json

@@ -912,8 +912,8 @@
         "default_browser_return_url": {
           "$ref": "#/definitions/defaultReturnTo"
         },
-        "whitelisted_return_urls": {
-          "title": "Whitelisted Return To URLs",
+        "allowed_return_urls": {
+          "title": "Allowed Return To URLs",
           "description": "List of URLs that are allowed to be redirected to. A redirection request is made by appending `?return_to=...` to Login, Registration, and other self-service flows.",
           "type": "array",
           "items": {

examples/go/pkg/stub/kratos.yaml

@@ -9,7 +9,7 @@ serve:
 
 selfservice:
   default_browser_return_url: http://127.0.0.1:4455/
-  whitelisted_return_urls:
+  allowed_return_urls:
     - http://127.0.0.1:4455
 
   methods:

selfservice/flow/login/flow.go

@@ -112,7 +112,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
 	_, err := x.SecureRedirectTo(r,
 		conf.SelfServiceBrowserDefaultReturnTo(),
 		x.SecureRedirectUseSourceURL(requestURL),
-		x.SecureRedirectAllowURLs(conf.SelfServiceBrowserWhitelistedReturnToDomains()),
+		x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()),
 		x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()),
 	)
 	if err != nil {

selfservice/flow/login/handler.go

@@ -327,7 +327,7 @@ func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps htt
 	if errors.Is(err, ErrAlreadyLoggedIn) {
 		returnTo, redirErr := x.SecureRedirectTo(r, h.d.Config(r.Context()).SelfServiceBrowserDefaultReturnTo(),
 			x.SecureRedirectAllowSelfServiceURLs(h.d.Config(r.Context()).SelfPublicURL()),
-			x.SecureRedirectAllowURLs(h.d.Config(r.Context()).SelfServiceBrowserWhitelistedReturnToDomains()),
+			x.SecureRedirectAllowURLs(h.d.Config(r.Context()).SelfServiceBrowserAllowedReturnToDomains()),
 		)
 		if redirErr != nil {
 			h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, redirErr)

selfservice/flow/login/handler_test.go

@@ -553,7 +553,7 @@ func TestGetFlow(t *testing.T) {
 	})
 
 	t.Run("case=expired with return_to", func(t *testing.T) {
-		conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
+		conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
 
 		client := testhelpers.NewClientWithCookies(t)
 		setupLoginUI(t, client)

selfservice/flow/login/hook.go

@@ -83,7 +83,7 @@ func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, a *
 	c := e.d.Config(r.Context())
 	returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(),
 		x.SecureRedirectUseSourceURL(a.RequestURL),
-		x.SecureRedirectAllowURLs(c.SelfServiceBrowserWhitelistedReturnToDomains()),
+		x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()),
 		x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()),
 		x.SecureRedirectOverrideDefaultReturnTo(e.d.Config(r.Context()).SelfServiceFlowLoginReturnTo(a.Active.String())),
 	)

selfservice/flow/login/hook_test.go

@@ -99,7 +99,7 @@ func TestLoginExecutor(t *testing.T) {
 
 				t.Run("case=use return_to value", func(t *testing.T) {
 					t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
-					conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
+					conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
 
 					res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}})
 					assert.EqualValues(t, http.StatusOK, res.StatusCode)

selfservice/flow/logout/handler.go

@@ -273,7 +273,7 @@ func (h *Handler) completeLogout(w http.ResponseWriter, r *http.Request) {
 
 	ret, err := x.SecureRedirectTo(r, h.d.Config(r.Context()).SelfServiceFlowLogoutRedirectURL(),
 		x.SecureRedirectUseSourceURL(r.RequestURI),
-		x.SecureRedirectAllowURLs(h.d.Config(r.Context()).SelfServiceBrowserWhitelistedReturnToDomains()),
+		x.SecureRedirectAllowURLs(h.d.Config(r.Context()).SelfServiceBrowserAllowedReturnToDomains()),
 		x.SecureRedirectAllowSelfServiceURLs(h.d.Config(r.Context()).SelfPublicURL()),
 	)
 	if err != nil {

selfservice/flow/recovery/flow.go

@@ -99,7 +99,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
 	_, err := x.SecureRedirectTo(r,
 		conf.SelfServiceBrowserDefaultReturnTo(),
 		x.SecureRedirectUseSourceURL(requestURL),
-		x.SecureRedirectAllowURLs(conf.SelfServiceBrowserWhitelistedReturnToDomains()),
+		x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()),
 		x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()),
 	)
 	if err != nil {

selfservice/flow/recovery/handler_test.go

@@ -246,7 +246,7 @@ func TestGetFlow(t *testing.T) {
 	})
 
 	t.Run("case=expired with return_to", func(t *testing.T) {
-		conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
+		conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
 		client := testhelpers.NewClientWithCookies(t)
 		setupRecoveryTS(t, client)
 		body := x.EasyGetBody(t, client, public.URL+recovery.RouteInitBrowserFlow+"?return_to=https://www.ory.sh")

selfservice/flow/registration/flow.go

@@ -89,7 +89,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
 	_, err := x.SecureRedirectTo(r,
 		conf.SelfServiceBrowserDefaultReturnTo(),
 		x.SecureRedirectUseSourceURL(requestURL),
-		x.SecureRedirectAllowURLs(conf.SelfServiceBrowserWhitelistedReturnToDomains()),
+		x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()),
 		x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()),
 	)
 	if err != nil {

selfservice/flow/registration/handler_test.go

@@ -303,7 +303,7 @@ func TestGetFlow(t *testing.T) {
 	})
 
 	t.Run("case=expired with return_to", func(t *testing.T) {
-		conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
+		conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
 		client := testhelpers.NewClientWithCookies(t)
 		setupRegistrationUI(t, client)
 		body := x.EasyGetBody(t, client, public.URL+registration.RouteInitBrowserFlow+"?return_to=https://www.ory.sh")

selfservice/flow/registration/hook.go

@@ -129,7 +129,7 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque
 	c := e.d.Config(r.Context())
 	returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(),
 		x.SecureRedirectUseSourceURL(a.RequestURL),
-		x.SecureRedirectAllowURLs(c.SelfServiceBrowserWhitelistedReturnToDomains()),
+		x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()),
 		x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()),
 		x.SecureRedirectOverrideDefaultReturnTo(c.SelfServiceFlowRegistrationReturnTo(ct.String())),
 	)

selfservice/flow/registration/hook_test.go

@@ -100,7 +100,7 @@ func TestRegistrationExecutor(t *testing.T) {
 
 				t.Run("case=use return_to value", func(t *testing.T) {
 					t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
-					conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
+					conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
 
 					res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}})
 					assert.EqualValues(t, http.StatusOK, res.StatusCode)
@@ -118,7 +118,7 @@ func TestRegistrationExecutor(t *testing.T) {
 
 				t.Run("case=use nested config value", func(t *testing.T) {
 					t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
-					conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/kratos"})
+					conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/kratos"})
 					testhelpers.SelfServiceHookRegistrationSetDefaultRedirectTo(t, conf, "https://www.ory.sh/not-kratos")
 					testhelpers.SelfServiceHookRegistrationSetDefaultRedirectToStrategy(t, conf, strategy, "https://www.ory.sh/kratos")
 

selfservice/flow/settings/error_test.go

@@ -326,7 +326,7 @@ func TestHandleError(t *testing.T) {
 		})
 
 		t.Run("case=session old error", func(t *testing.T) {
-			conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{urlx.AppendPaths(conf.SelfPublicURL(), "/error").String()})
+			conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{urlx.AppendPaths(conf.SelfPublicURL(), "/error").String()})
 			t.Cleanup(reset)
 
 			settingsFlow = &settings.Flow{Type: flow.TypeBrowser}

selfservice/flow/settings/flow.go

@@ -125,7 +125,7 @@ func NewFlow(conf *config.Config, exp time.Duration, r *http.Request, i *identit
 	_, err := x.SecureRedirectTo(r,
 		conf.SelfServiceBrowserDefaultReturnTo(),
 		x.SecureRedirectUseSourceURL(requestURL),
-		x.SecureRedirectAllowURLs(conf.SelfServiceBrowserWhitelistedReturnToDomains()),
+		x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()),
 		x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()),
 	)
 	if err != nil {

selfservice/flow/settings/handler_test.go

@@ -223,7 +223,7 @@ func TestHandler(t *testing.T) {
 		})
 
 		t.Run("case=expired with return_to", func(t *testing.T) {
-			conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
+			conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
 			client := testhelpers.NewHTTPClientWithArbitrarySessionToken(t, reg)
 			body := x.EasyGetBody(t, client, publicTS.URL+settings.RouteInitBrowserFlow+"?return_to=https://www.ory.sh")
 

selfservice/flow/settings/hook.go

@@ -106,7 +106,7 @@ func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request,
 	c := e.d.Config(r.Context())
 	returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(),
 		x.SecureRedirectUseSourceURL(ctxUpdate.Flow.RequestURL),
-		x.SecureRedirectAllowURLs(c.SelfServiceBrowserWhitelistedReturnToDomains()),
+		x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()),
 		x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()),
 		x.SecureRedirectOverrideDefaultReturnTo(
 			e.d.Config(r.Context()).SelfServiceFlowSettingsReturnTo(settingsType,

selfservice/flow/settings/hook_test.go

@@ -101,7 +101,7 @@ func TestSettingsExecutor(t *testing.T) {
 
 				t.Run("case=use return_to value", func(t *testing.T) {
 					t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
-					conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
+					conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
 					testhelpers.SelfServiceHookSettingsSetDefaultRedirectTo(t, conf, "https://www.ory.sh")
 
 					res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}})

selfservice/flow/verification/flow.go

@@ -103,7 +103,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
 	_, err := x.SecureRedirectTo(r,
 		conf.SelfServiceBrowserDefaultReturnTo(),
 		x.SecureRedirectUseSourceURL(requestURL),
-		x.SecureRedirectAllowURLs(conf.SelfServiceBrowserWhitelistedReturnToDomains()),
+		x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()),
 		x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()),
 	)
 	if err != nil {

selfservice/flow/verification/handler_test.go

@@ -109,7 +109,7 @@ func TestGetFlow(t *testing.T) {
 	})
 
 	t.Run("case=expired with return_to", func(t *testing.T) {
-		conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
+		conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
 
 		client := testhelpers.NewClientWithCookies(t)
 		_ = setupVerificationUI(t, client)

selfservice/strategy/link/strategy_test.go

@@ -13,7 +13,7 @@ import (
 func initViper(t *testing.T, c *config.Config) {
 	testhelpers.SetDefaultIdentitySchema(c, "file://./stub/default.schema.json")
 	c.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh")
-	c.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh"})
+	c.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"})
 	c.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+identity.CredentialsTypePassword.String()+".enabled", true)
 	c.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName+".enabled", true)
 	c.MustSet(config.ViperKeySelfServiceRecoveryEnabled, true)

selfservice/strategy/link/strategy_verification.go

@@ -257,7 +257,7 @@ func (s *Strategy) verificationUseToken(w http.ResponseWriter, r *http.Request,
 
 	returnTo, err := x.SecureRedirectTo(&verificationRequest, defaultRedirectURL,
 		x.SecureRedirectAllowSelfServiceURLs(s.d.Config(r.Context()).SelfPublicURL()),
-		x.SecureRedirectAllowURLs(s.d.Config(r.Context()).SelfServiceBrowserWhitelistedReturnToDomains()),
+		x.SecureRedirectAllowURLs(s.d.Config(r.Context()).SelfServiceBrowserAllowedReturnToDomains()),
 	)
 	if err != nil {
 		s.d.Logger().Debugf("error parsing redirectTo from verification: %s\n", err)

selfservice/strategy/link/strategy_verification_test.go

@@ -357,7 +357,7 @@ func TestVerification(t *testing.T) {
 
 	t.Run("case=respects return_to URI parameter", func(t *testing.T) {
 		returnToURL := public.URL + "/after-verification"
-		conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{returnToURL})
+		conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{returnToURL})
 		client := &http.Client{
 			CheckRedirect: func(req *http.Request, via []*http.Request) error {
 				return http.ErrUseLastResponse

selfservice/strategy/totp/login_test.go

@@ -82,7 +82,7 @@ func TestCompleteLogin(t *testing.T) {
 	conf, reg := internal.NewFastRegistryWithMocks(t)
 	conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true})
 	conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeTOTP), map[string]interface{}{"enabled": true})
-	conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh"})
+	conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"})
 
 	router := x.NewRouterPublic()
 	publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin())

test/e2e/cypress/support/commands.ts

@@ -567,7 +567,7 @@ Cypress.Commands.add('longRegisterLifespan', ({} = {}) => {
 
 Cypress.Commands.add('browserReturnUrlOry', ({} = {}) => {
   updateConfigFile((config) => {
-    config.selfservice.whitelisted_return_urls = ['https://www.ory.sh/']
+    config.selfservice.allowed_return_urls = ['https://www.ory.sh/']
     return config
   })
 })
@@ -1063,7 +1063,7 @@ Cypress.Commands.add(
       cy.location('pathname').should('contain', 'error')
       cy.get('code').should(
         'contain.text',
-        'Requested return_to URL \\"https://not-allowed\\" is not whitelisted.'
+        'Requested return_to URL \\"https://not-allowed\\" is not allowed.'
       )
     }
   }

test/e2e/profiles/kratos.base.yml

@@ -8,7 +8,7 @@ secrets:
 
 selfservice:
   default_browser_return_url: http://localhost:4455/
-  whitelisted_return_urls:
+  allowed_return_urls:
     - http://localhost:4455
     - https://www.ory.sh/
     - https://example.org/

test/schema/fixtures/config.schema.test.failure/root.invalidTypes.yaml

@@ -53,7 +53,7 @@ urls:
   default_return_to: 1
   registration_ui: 1
   error_ui: 1
-  whitelisted_return_to_urls:
+  allowed_return_urls:
     - 1
     - 1
 

test/schema/fixtures/config.schema.test.success/root.full.yml

@@ -1,7 +1,7 @@
 selfservice:
   default_browser_return_url: "#/definitions/defaultReturnTo"
 
-  whitelisted_return_urls:
+  allowed_return_urls:
     - https://foo.bar
     - /dashboard