Merge pull request #35086 from gsamokovarov/cleanup-whitelisting-refs

Cleanup the whitelisting references after #33145

2 files changed, 3 insertions, 3 deletions

diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index e55217c5c4..19f4de8a1d 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -75,7 +75,7 @@
 
     In other environments `Rails.application.config.hosts` is empty and no
     `Host` header checks will be done. If you want to guard against header
-    attacks on production, you have to manually whitelist the allowed hosts
+    attacks on production, you have to manually permit the allowed hosts
     with:
 
         Rails.application.config.hosts << "product.com"
@@ -88,7 +88,7 @@
         # `beta1.product.com`.
         Rails.application.config.hosts << /.*\.product\.com/
 
-    A special case is supported that allows you to whitelist all sub-domains:
+    A special case is supported that allows you to permit all sub-domains:
 
         # Allow requests from subdomains like `www.product.com` and
         # `beta1.product.com`.
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 9da3956dda..7006b0855f 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -2289,7 +2289,7 @@ module ApplicationTests
       MESSAGE
     end
 
-    test "the host whitelist includes .localhost in development" do
+    test "hosts include .localhost in development" do
       app "development"
       assert_includes Rails.application.config.hosts, ".localhost"
     end