diff --git a/docs/content/guide/migration.ngdoc b/docs/content/guide/migration.ngdoc
index 5f66551a9d17..f243eef04a9e 100644
--- a/docs/content/guide/migration.ngdoc
+++ b/docs/content/guide/migration.ngdoc
@@ -2647,8 +2647,8 @@ $scope.findTemplate = function(templateName) {
};
```
-To migrate, either cache the result of `trustAsResourceUrl()`, or put the template url in the resource
-whitelist in the `config()` function:
+To migrate, either cache the result of `trustAsResourceUrl()`, or put the template url in the trusted resource
+URL list in the `config()` function:
After:
diff --git a/src/ng/http.js b/src/ng/http.js
index dcc30b1bc92c..b35d73a50d93 100644
--- a/src/ng/http.js
+++ b/src/ng/http.js
@@ -388,7 +388,7 @@ function $HttpProvider() {
/**
* @ngdoc property
- * @name $httpProvider#xsrfWhitelistedOrigins
+ * @name $httpProvider#xsrfTrustedOrigins
* @description
*
* Array containing URLs whose origins are trusted to receive the XSRF token. See the
@@ -402,7 +402,7 @@ function $HttpProvider() {
* Examples: `http://example.com`, `https://api.example.com:9876`
*
*
- * It is not possible to whitelist specific URLs/paths. The `path`, `query` and `fragment` parts
+ * It is not possible to trust specific URLs/paths. The `path`, `query` and `fragment` parts
* of a URL will be ignored. For example, `https://foo.com/path/bar?query=baz#fragment` will be
* treated as `https://foo.com`, meaning that **all** requests to URLs starting with
* `https://foo.com/` will include the XSRF token.
@@ -413,9 +413,9 @@ function $HttpProvider() {
* ```js
* // App served from `https://example.com/`.
* angular.
- * module('xsrfWhitelistedOriginsExample', []).
+ * module('xsrfTrustedOriginsExample', []).
* config(['$httpProvider', function($httpProvider) {
- * $httpProvider.xsrfWhitelistedOrigins.push('https://api.example.com');
+ * $httpProvider.xsrfTrustedOrigins.push('https://api.example.com');
* }]).
* run(['$http', function($http) {
* // The XSRF token will be sent.
@@ -426,7 +426,7 @@ function $HttpProvider() {
* }]);
* ```
*/
- var xsrfWhitelistedOrigins = this.xsrfWhitelistedOrigins = [];
+ var xsrfTrustedOrigins = this.xsrfWhitelistedOrigins = this.xsrfTrustedOrigins = [];
this.$get = ['$browser', '$httpBackend', '$$cookieReader', '$cacheFactory', '$rootScope', '$q', '$injector', '$sce',
function($browser, $httpBackend, $$cookieReader, $cacheFactory, $rootScope, $q, $injector, $sce) {
@@ -454,7 +454,7 @@ function $HttpProvider() {
/**
* A function to check request URLs against a list of allowed origins.
*/
- var urlIsAllowedOrigin = urlIsAllowedOriginFactory(xsrfWhitelistedOrigins);
+ var urlIsAllowedOrigin = urlIsAllowedOriginFactory(xsrfTrustedOrigins);
/**
* @ngdoc service
@@ -828,16 +828,16 @@ function $HttpProvider() {
* The header will — by default — **not** be set for cross-domain requests. This
* prevents unauthorized servers (e.g. malicious or compromised 3rd-party APIs) from gaining
* access to your users' XSRF tokens and exposing them to Cross Site Request Forgery. If you
- * want to, you can whitelist additional origins to also receive the XSRF token, by adding them
- * to {@link ng.$httpProvider#xsrfWhitelistedOrigins xsrfWhitelistedOrigins}. This might be
+ * want to, you can trust additional origins to also receive the XSRF token, by adding them
+ * to {@link ng.$httpProvider#xsrfTrustedOrigins xsrfTrustedOrigins}. This might be
* useful, for example, if your application, served from `example.com`, needs to access your API
* at `api.example.com`.
- * See {@link ng.$httpProvider#xsrfWhitelistedOrigins $httpProvider.xsrfWhitelistedOrigins} for
+ * See {@link ng.$httpProvider#xsrfTrustedOrigins $httpProvider.xsrfTrustedOrigins} for
* more details.
*
*
* **Warning**
- * Only whitelist origins that you have control over and make sure you understand the
+ * Only trusted origins that you have control over and make sure you understand the
* implications of doing so.
*
*
@@ -964,7 +964,7 @@ function $HttpProvider() {
angular.module('httpExample', [])
.config(['$sceDelegateProvider', function($sceDelegateProvider) {
- // We must whitelist the JSONP endpoint that we are using to show that we trust it
+ // We must add the JSONP endpoint that we are using to the trusted list to show that we trust it
$sceDelegateProvider.trustedResourceUrlList([
'self',
'https://angularjs.org/**'
@@ -1222,7 +1222,7 @@ function $HttpProvider() {
*
* Note that, since JSONP requests are sensitive because the response is given full access to the browser,
* the url must be declared, via {@link $sce} as a trusted resource URL.
- * You can trust a URL by adding it to the whitelist via
+ * You can trust a URL by adding it to the trusted resource URL list via
* {@link $sceDelegateProvider#trustedResourceUrlList `$sceDelegateProvider.trustedResourceUrlList`} or
* by explicitly trusting the URL via {@link $sce#trustAsResourceUrl `$sce.trustAsResourceUrl(url)`}.
*
diff --git a/test/ng/httpSpec.js b/test/ng/httpSpec.js
index d0c994670b49..3df3f6b17cc6 100644
--- a/test/ng/httpSpec.js
+++ b/test/ng/httpSpec.js
@@ -2213,9 +2213,9 @@ describe('$http', function() {
var $httpBackend;
beforeEach(module(function($httpProvider) {
- $httpProvider.xsrfWhitelistedOrigins.push(
- 'https://whitelisted.example.com',
- 'https://whitelisted2.example.com:1337/ignored/path');
+ $httpProvider.xsrfTrustedOrigins.push(
+ 'https://trusted.example.com',
+ 'https://trusted2.example.com:1337/ignored/path');
}));
beforeEach(inject(function(_$http_, _$httpBackend_) {
@@ -2312,8 +2312,8 @@ describe('$http', function() {
}
var requestUrls = [
'https://api.example.com/path',
- 'http://whitelisted.example.com',
- 'https://whitelisted2.example.com:1338'
+ 'http://trusted.example.com',
+ 'https://trusted2.example.com:1338'
];
mockedCookies['XSRF-TOKEN'] = 'secret';
@@ -2326,15 +2326,15 @@ describe('$http', function() {
});
- it('should set an XSRF header for cross-domain requests to whitelisted origins',
+ it('should set an XSRF header for cross-domain requests to trusted origins',
inject(function($browser) {
function checkHeaders(headers) {
return headers['X-XSRF-TOKEN'] === 'secret';
}
var currentUrl = 'https://example.com/path';
var requestUrls = [
- 'https://whitelisted.example.com/path',
- 'https://whitelisted2.example.com:1337/path'
+ 'https://trusted.example.com/path',
+ 'https://trusted2.example.com:1337/path'
];
$browser.url(currentUrl);