Replace

     hostWhitelist -> hostAllowList
     moduleWhitelist -> moduleAllowlist

Adding a warning when a developer users `hostWhitelist`

Author: mcfiredrill

README.md

@@ -92,13 +92,13 @@ server.start();
 
 ## Using Node/npm Dependencies
 
-### Whitelisting Packages
+### Allowlisting Packages
 
 When your app is running in FastBoot, it may need to use Node packages
 to replace features that are available only in the browser.
 
 For security reasons, your Ember app running in FastBoot can only access
-packages that you have explicitly whitelisted.
+packages that you have explicitly listed as allowed.
 
 To allow your app to require a package, add it to the
 `fastbootDependencies` array in your app's `package.json`:
@@ -132,14 +132,14 @@ hash.** Built-in modules (`path`, `fs`, etc.) only need to be added to
 
 From your Ember.js app, you can run `FastBoot.require()` to require a
 package. This is identical to the CommonJS `require` except it checks
-all requests against the whitelist first.
+all requests against the allowlist first.
 
 ```js
 let path = FastBoot.require('path');
 let filePath = path.join('tmp', session.getID());
 ```
 
-If you attempt to require a package that is not in the whitelist,
+If you attempt to require a package that is not in the allowlist,
 FastBoot will raise an exception.
 
 Note that the `FastBoot` global is **only** available when running in
@@ -273,23 +273,23 @@ module.exports = function(environment) {
     },
 
     fastboot: {
-      hostWhitelist: ['example.com', 'subdomain.example.com', /^localhost:\d+$/]
+      hostAllowlist: ['example.com', 'subdomain.example.com', /^localhost:\d+$/]
     }
   };
   // ...
 };
 ```
 
-The `hostWhitelist` can be a string or RegExp to match multiple hosts.
+The `hostAllowlist` can be a string or RegExp to match multiple hosts.
 Care should be taken when using a RegExp, as the host function relies on
 the `Host` HTTP header, which can be forged. You could potentially allow
 a malicious request if your RegExp is too permissive when using the `host`
 when making subsequent requests.
 
 Retrieving `host` will error on 2 conditions:
 
- 1. you do not have a `hostWhitelist` defined
- 2. the `Host` header does not match an entry in your `hostWhitelist`
+ 1. you do not have a `hostAllowlist` defined
+ 2. the `Host` header does not match an entry in your `hostAllowlist`
 
 ### Query Parameters
 

packages/ember-cli-fastboot/fastboot/initializers/ajax.js

@@ -14,7 +14,7 @@ var nodeAjax = function(options) {
     try {
       options.url = protocol + '//' + get(this, 'fastboot.request.host') + options.url;
     } catch (fbError) {
-      throw new Error('You are using Ember Data with no host defined in your adapter. This will attempt to use the host of the FastBoot request, which is not configured for the current host of this request. Please set the hostWhitelist property for in your environment.js. FastBoot Error: ' + fbError.message);
+      throw new Error('You are using Ember Data with no host defined in your adapter. This will attempt to use the host of the FastBoot request, which is not configured for the current host of this request. Please set the hostAllowlist property for in your environment.js. FastBoot Error: ' + fbError.message);
     }
   }
 

packages/ember-cli-fastboot/index.js

@@ -237,7 +237,7 @@ module.exports = {
 
   /**
    * Need to handroll our own clone algorithm since JSON.stringy changes regex
-   * to empty objects which breaks hostWhiteList property of fastboot.
+   * to empty objects which breaks hostAllowList property of fastboot.
    *
    * @param {Object} config
    */

packages/ember-cli-fastboot/lib/broccoli/fastboot-config.js

@@ -1,14 +1,13 @@
 /* eslint-env node */
 'use strict';
 
-const fs     = require('fs');
-const fmt    = require('util').format;
-const uniq   = require('ember-cli-lodash-subset').uniq;
-const merge  = require('ember-cli-lodash-subset').merge;
-const md5Hex = require('md5-hex');
-const path   = require('path');
-const Plugin = require('broccoli-plugin');
-
+const fs        = require('fs');
+const fmt       = require('util').format;
+const uniq      = require('ember-cli-lodash-subset').uniq;
+const merge     = require('ember-cli-lodash-subset').merge;
+const md5Hex    = require('md5-hex');
+const path      = require('path');
+const Plugin    = require('broccoli-plugin');
 const stringify = require('json-stable-stringify');
 
 const LATEST_SCHEMA_VERSION = 3;
@@ -50,7 +49,7 @@ module.exports = class FastBootConfig extends Plugin {
     this.buildConfig();
     this.buildDependencies();
     this.buildManifest();
-    this.buildHostWhitelist();
+    this.buildHostAllowList();
 
     let outputPath = path.join(this.outputPath, 'package.json');
     this.writeFileIfContentChanged(outputPath, this.toJSONString());
@@ -85,7 +84,7 @@ module.exports = class FastBootConfig extends Plugin {
 
   buildDependencies() {
     let dependencies = {};
-    let moduleWhitelist = [];
+    let moduleAllowlist = [];
     let ui = this.ui;
 
     eachAddonPackage(this.project, pkg => {
@@ -101,7 +100,7 @@ module.exports = class FastBootConfig extends Plugin {
             return;
           }
 
-          moduleWhitelist.push(dep);
+          moduleAllowlist.push(dep);
 
           if (version) {
             dependencies[dep] = version;
@@ -115,7 +114,7 @@ module.exports = class FastBootConfig extends Plugin {
 
     if (projectDeps) {
       projectDeps.forEach(dep => {
-        moduleWhitelist.push(dep);
+        moduleAllowlist.push(dep);
 
         let version = pkg.dependencies && pkg.dependencies[dep];
         if (version) {
@@ -125,7 +124,7 @@ module.exports = class FastBootConfig extends Plugin {
     }
 
     this.dependencies = dependencies;
-    this.moduleWhitelist = uniq(moduleWhitelist);
+    this.moduleAllowlist = uniq(moduleAllowlist);
   }
 
   updateFastBootManifest(manifest) {
@@ -160,32 +159,35 @@ module.exports = class FastBootConfig extends Plugin {
     this.manifest = this.updateFastBootManifest(manifest);
   }
 
-  buildHostWhitelist() {
+  buildHostAllowList() {
     if (this.fastbootAppConfig) {
-      this.hostWhitelist = this.fastbootAppConfig.hostWhitelist;
+      if ('hostWhitelist' in this.fastbootAppConfig) {
+        this.ui.writeLine('Please update your fastboot config to use `hostAllowList` of the deprecated `hostWhitelist`');
+      }
+      this.hostAllowList = this.fastbootAppConfig.hostAllowList || this.fastbootAppConfig.hostWhitelist
     }
   }
 
   toJSONString() {
     return stringify({
       dependencies: this.dependencies,
       fastboot: {
-        moduleWhitelist: this.moduleWhitelist,
+        moduleAllowlist: this.moduleAllowlist,
         schemaVersion: LATEST_SCHEMA_VERSION,
         manifest: this.manifest,
-        hostWhitelist: this.normalizeHostWhitelist(),
+        hostAllowList: this.normalizeHostAllowList(),
         config: this.fastbootConfig,
         appName: this.appName,
       }
     }, null, 2);
   }
 
-  normalizeHostWhitelist() {
-    if (!this.hostWhitelist) {
+  normalizeHostAllowList() {
+    if (!this.hostAllowList) {
       return;
     }
 
-    return this.hostWhitelist.map(function(entry) {
+    return this.hostAllowList.map(function(entry) {
       // Is a regex
       if (entry.source) {
         return '/' + entry.source + '/';

packages/ember-cli-fastboot/package.json

@@ -46,7 +46,6 @@
     "body-parser": "^1.18.3",
     "broccoli-asset-rev": "^3.0.0",
     "broccoli-test-helper": "^1.5.0",
-    "co": "4.6.0",
     "chai": "^4.1.2",
     "chai-fs": "^2.0.0",
     "chai-string": "^1.4.0",

packages/ember-cli-fastboot/test/fastboot-config-test.js

@@ -1,42 +1,59 @@
+/* eslint-env node */
 'use strict';
 
-const expect = require('chai').use(require('chai-string')).expect;
-const RSVP = require('rsvp');
-const request = RSVP.denodeify(require('request'));
-
-const AddonTestApp = require('ember-cli-addon-tests').AddonTestApp;
-
-describe('FastBoot config', function() {
-  this.timeout(400000);
+const expect = require('chai').expect;
+const helpers = require('broccoli-test-helper');
+const MockUI = require('console-ui/mock')
+const createBuilder = helpers.createBuilder;
+const createTempDir = helpers.createTempDir;
+const FastbootConfig = require('../lib/broccoli/fastboot-config');
+
+
+describe('FastbootConfig', function() {
+  let input;
+  let output;
+  let subject;
+  let project;
+
+  beforeEach(async function() {
+    input = await createTempDir();
+    project = {
+      addons: [],
+      pkg: {},
+    };
+    subject = new FastbootConfig(input.path(), {
+      project,
+      outputPaths: {
+        app: { js: 'app.js' },
+        vendor: { js: 'vendor.js' },
+      },
+      appConfig: {
+        modulePrefix: 'app',
+      },
+      ui: new MockUI(),
+      fastbootAppConfig: {
+        hostWhitelist: ['example.com', 'subdomain.example.com']
+      }
+    });
+    output = createBuilder(subject);
+  });
 
-  let app;
+  afterEach(async function() {
+    await input.dispose();
+    await output.dispose();
+  });
 
-  before(function() {
-    app = new AddonTestApp();
+  it('it replace hostWhitelist with hostAllowList and warns user to update the config to hostAllowList', async function() {
+    input.write({});
 
-    return app.create('fastboot-config', { emberVersion: 'latest'})
-      .then(function() {
-        return app.startServer({
-          command: 'serve'
-        });
-      });
-  });
+    await output.build();
 
-  after(function() {
-    return app.stopServer();
-  });
+    expect(
+      output.read()
+    ).to.deep.equal({
+      'package.json': `{"dependencies":{},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"hostAllowList":["example.com","subdomain.example.com"],"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleAllowlist":[],"schemaVersion":3}}`
+    });
 
-  it('provides sandbox globals', function() {
-    return request({
-      url: 'http://localhost:49741/',
-      headers: {
-        'Accept': 'text/html'
-      }
-    })
-      .then(function(response) {
-        expect(response.statusCode).to.equal(200);
-        expect(response.headers['content-type']).to.equalIgnoreCase('text/html; charset=utf-8');
-        expect(response.body).to.contain('<h1>My Global</h1>');
-      });
+    expect(output.builder.outputNode.ui.output).to.contain('Please update your fastboot config to use `hostAllowList` of the deprecated `hostWhitelist`');
   });
 });

packages/ember-cli-fastboot/test/fixtures/fastboot-config/config/environment.js

@@ -19,7 +19,7 @@ module.exports = function(environment) {
     },
 
     fastboot: {
-      hostWhitelist: ['example.com', 'subdomain.example.com', /localhost:\d+/]
+      hostAllowlist: ['example.com', 'subdomain.example.com', /localhost:\d+/]
     }
   };
 

packages/ember-cli-fastboot/test/fixtures/fastboot-location-config/config/environment.js

@@ -8,7 +8,7 @@ module.exports = function(environment) {
     modulePrefix: 'fastboot-location-config',
     fastboot: {
       fastbootHeaders: false,
-      hostWhitelist: [/localhost:\d+/],
+      hostAllowlist: [/localhost:\d+/],
       redirectCode: 302,
     }
   };

packages/ember-cli-fastboot/test/fixtures/fastboot-location/config/environment.js

@@ -8,7 +8,7 @@ module.exports = function(environment) {
     modulePrefix: 'fastboot-location',
     fastboot: {
       fastbootHeaders: true,
-      hostWhitelist: [/localhost:\d+/]
+      hostAllowlist: [/localhost:\d+/]
     }
   };
 

packages/ember-cli-fastboot/test/fixtures/request/config/environment.js

@@ -19,7 +19,7 @@ module.exports = function(environment) {
     },
 
     fastboot: {
-      hostWhitelist: ['example.com', 'subdomain.example.com', /localhost:\d+/]
+      hostAllowlist: ['example.com', 'subdomain.example.com', /localhost:\d+/]
     }
   };
 

packages/ember-cli-fastboot/test/new-package-json-test.js

@@ -5,7 +5,6 @@ const expect = require('chai').expect;
 const helpers = require('broccoli-test-helper');
 const createBuilder = helpers.createBuilder;
 const createTempDir = helpers.createTempDir;
-const co = require('co');
 const FastbootConfig = require('../lib/broccoli/fastboot-config');
 
 describe('FastbootConfig', function() {
@@ -50,8 +49,10 @@ describe('FastbootConfig', function() {
 
     await output.build();
 
-    expect(output.read()).to.deep.equal({
-      'package.json': `{"dependencies":{},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleWhitelist":[],"schemaVersion":3}}`,
+    expect(
+      output.read()
+    ).to.deep.equal({
+      'package.json': `{"dependencies":{},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleAllowlist":[],"schemaVersion":3}}`
     });
 
     await output.build();
@@ -72,8 +73,10 @@ describe('FastbootConfig', function() {
       'package.json': 'change',
     });
 
-    expect(output.read()).to.deep.equal({
-      'package.json': `{"dependencies":{"apple":"*","orange":"^1.0.0"},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleWhitelist":["apple","orange"],"schemaVersion":3}}`,
+    expect(
+      output.read()
+    ).to.deep.equal({
+      'package.json': `{"dependencies":{"apple":"*","orange":"^1.0.0"},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleAllowlist":["apple","orange"],"schemaVersion":3}}`
     });
 
     project.pkg.fastbootDependencies = ['apple', 'orange'];
@@ -88,8 +91,10 @@ describe('FastbootConfig', function() {
 
     await output.build();
 
-    expect(output.read()).to.deep.equal({
-      'package.json': `{"dependencies":{"apple":"^3.0.0","orange":"^1.0.0"},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleWhitelist":["apple","orange"],"schemaVersion":3}}`,
+    expect(
+      output.read()
+    ).to.deep.equal({
+      'package.json': `{"dependencies":{"apple":"^3.0.0","orange":"^1.0.0"},"fastboot":{"appName":"app","config":{"app":{"modulePrefix":"app"}},"manifest":{"appFiles":["app.js","app-fastboot.js"],"htmlFile":"index.html","vendorFiles":["vendor.js"]},"moduleAllowlist":["apple","orange"],"schemaVersion":3}}`
     });
   });
 });

packages/fastboot-app-server/test/fixtures/basic-app/package.json

@@ -1,7 +1,7 @@
 {
   "dependencies": {},
   "fastboot": {
-    "moduleWhitelist": [],
+    "moduleAllowlist": [],
     "manifest": {
       "appFile": "assets/fastboot-test.js",
       "htmlFile": "index.html",

packages/fastboot-app-server/test/fixtures/broken-app/package.json

@@ -1,7 +1,7 @@
 {
   "dependencies": {},
   "fastboot": {
-    "moduleWhitelist": [],
+    "moduleAllowlist": [],
     "manifest": {
       "appFile": "assets/fastboot-test.js",
       "htmlFile": "index.html",

packages/fastboot-app-server/test/fixtures/global-app/package.json

@@ -1,7 +1,7 @@
 {
   "dependencies": {},
   "fastboot": {
-    "moduleWhitelist": [],
+    "moduleAllowlist": [],
     "manifest": {
       "appFile": "assets/fastboot-test.js",
       "htmlFile": "index.html",