Add latest changes from gitlab-org/gitlab@master

app/controllers/concerns/sourcegraph_decorator.rb

@@ -11,7 +11,7 @@ module SourcegraphDecorator
       next unless Gitlab::CurrentSettings.sourcegraph_enabled
 
       default_connect_src = p.directives['connect-src'] || p.directives['default-src']
-      connect_src_values = Array.wrap(default_connect_src) | [Gitlab::CurrentSettings.sourcegraph_url]
+      connect_src_values = Array.wrap(default_connect_src) | [Gitlab::Utils.append_path(Gitlab::CurrentSettings.sourcegraph_url, '.api/')]
       p.connect_src(*connect_src_values)
     end
   end

app/models/ci/runner_namespace.rb

@@ -7,7 +7,6 @@ module Ci
     self.limit_name = 'ci_registered_group_runners'
     self.limit_scope = :group
     self.limit_relation = :recent_runners
-    self.limit_feature_flag_for_override = :ci_runner_limits_override
 
     belongs_to :runner, inverse_of: :runner_namespaces
     belongs_to :namespace, inverse_of: :runner_namespaces, class_name: '::Namespace'

app/models/ci/runner_project.rb

@@ -7,7 +7,6 @@ module Ci
     self.limit_name = 'ci_registered_project_runners'
     self.limit_scope = :project
     self.limit_relation = :recent_runners
-    self.limit_feature_flag_for_override = :ci_runner_limits_override
 
     belongs_to :runner, inverse_of: :runner_projects
     belongs_to :project, inverse_of: :runner_projects

config/feature_flags/development/linear_groups_template_finder_extended_group_search_ancestors_scopes.yml

@@ -1,8 +1,8 @@
 ---
-name: ci_runner_limits_override
+name: linear_groups_template_finder_extended_group_search_ancestors_scopes
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67152
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74599
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/337224
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/345786
-milestone: '14.2'
+milestone: '14.6'
 type: development
-group: group::runner
+group: group::access
 default_enabled: false

doc/administration/instance_limits.md

@@ -551,8 +551,8 @@ Plan.default.actual_limits.update!(pages_file_entries: 100)
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/321368) in GitLab 13.12. Disabled by default.
 > - Enabled on GitLab.com in GitLab 14.3.
 > - Enabled on self-managed in GitLab 14.4.
-> - Feature flag `ci_runner_limits` removed in GitLab 14.4. You can still use `ci_runner_limits_override`
+> - Feature flag `ci_runner_limits` removed in GitLab 14.4. 
-    to remove limits for a given scope.
+> - Feature flag `ci_runner_limits_override` removed in GitLab 14.6.
 
 The total number of registered runners is limited at the group and project levels. Each time a new runner is registered,
 GitLab checks these limits against runners that have been active in the last 3 months.

doc/development/documentation/styleguide/word_list.md

@@ -47,7 +47,7 @@ Capitalize these words when you refer to the UI. Otherwise use lowercase.
 Use **administrator** instead of **admin** when talking about a user's access level.
 Use lowercase unless you are referring to the **Admin** access level you select in the UI.
 
-To view the administrator access type, in the GitLab UI, go to the Admin Area and select
+To view the administrator access level, in the GitLab UI, go to the Admin Area and select
 **Users**. Then select **New user**.
 
 ![admin access level](img/admin_access_level.png)

doc/development/service_ping/index.md

@@ -8,40 +8,24 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 > Introduced in GitLab Ultimate 11.2, more statistics.
 
-This guide describes Service Ping's purpose and how it's implemented.
+Service Ping is a GitLab process that collects and sends a weekly payload to GitLab.
-
-For more information about Product Intelligence, see:
-
-- [Product Intelligence Guide](https://about.gitlab.com/handbook/product/product-intelligence-guide/)
-- [Snowplow Guide](../snowplow/index.md)
-
-More links:
-
-- [Product Intelligence Direction](https://about.gitlab.com/direction/product-intelligence/)
-- [Data Analysis Process](https://about.gitlab.com/handbook/business-technology/data-team/#data-analysis-process/)
-- [Data for Product Managers](https://about.gitlab.com/handbook/business-technology/data-team/programs/data-for-product-managers/)
-- [Data Infrastructure](https://about.gitlab.com/handbook/business-technology/data-team/platform/infrastructure/)
-
-## What is Service Ping?
-
-Service Ping is a process in GitLab that collects and sends a weekly payload to GitLab Inc.
 The payload provides important high-level data that helps our product, support,
-and sales teams understand how GitLab is used. For example, the data helps to:
+and sales teams understand how GitLab is used. The data helps to:
 
 - Compare counts month over month (or week over week) to get a rough sense for how an instance uses
   different product features.
 - Collect other facts that help us classify and understand GitLab installations.
-- Calculate our Stage Monthly Active Users (SMAU), which helps to measure the success of our stages
+- Calculate our stage monthly active users (SMAU), which helps to measure the success of our stages
   and features.
 
-Service Ping information is not anonymous. It's linked to the instance's hostname. However, it does
+Service Ping information is not anonymous. It's linked to the instance's hostname, but does
 not contain project names, usernames, or any other specific data.
 
-Sending a Service Ping payload is optional and can be [disabled](#disable-service-ping) on any self-managed instance.
+Sending a Service Ping payload is optional and you can [disable](#disable-service-ping) it on any 
-When Service Ping is enabled, GitLab gathers data from the other instances
+self-managed instance. When Service Ping is enabled, GitLab gathers data from the other instances
 and can show your instance's usage statistics to your users.
 
-### Terminology
+## Service Ping terminology
 
 We use the following terminology to describe the Service Ping components:
 
@@ -53,12 +37,18 @@ We use the following terminology to describe the Service Ping components:
 - **MAU**: monthly active users.
 - **WAU**: weekly active users.
 
-### Why should we enable Service Ping?
+### Why enable Service Ping?
+
+The main purpose of Service Ping is to build a better GitLab. We collect data about how GitLab is used
+to understand feature or stage adoption and usage. This data gives an insight into how GitLab adds
+value and helps our team understand the reasons why people use GitLab, and with this knowledge we're able to 
+make better product decisions.
+
+There are several other benefits to enabling Service Ping: 
 
-- The main purpose of Service Ping is to build a better GitLab. Data about how GitLab is used is collected to better understand feature/stage adoption and usage, which helps us understand how GitLab is adding value and helps our team better understand the reasons why people use GitLab and with this knowledge we're able to make better product decisions.
 - As a benefit of having Service Ping active, GitLab lets you analyze the users' activities over time of your GitLab installation.
 - As a benefit of having Service Ping active, GitLab provides you with [DevOps Score](../../user/admin_area/analytics/dev_ops_report.md#devops-score), which gives you an overview of your entire instance's adoption of Concurrent DevOps from planning to monitoring.
-- You get better, more proactive support. (assuming that our TAMs and support organization used the data to deliver more value)
+- You get better, more proactive support (assuming that our TAMs and support organization used the data to deliver more value).
 - You get insight and advice into how to get the most value out of your investment in GitLab. Wouldn't you want to know that a number of features or values are not being adopted in your organization?
 - You get a report that illustrates how you compare against other similar organizations (anonymized), with specific advice and recommendations on how to improve your DevOps processes.
 - Service Ping is enabled by default. To disable it, see [Disable Service Ping](#disable-service-ping).
@@ -78,7 +68,7 @@ Because of these limitations we recommend you:
 
 > Introduced in GitLab 14.1.
 
-In GitLab versions 14.1 and later, free self-managed users running [GitLab EE](../ee_features.md) can receive paid features by registering with GitLab and sending us activity data through [Service Ping](#what-is-service-ping). Features introduced here do not remove the feature from its paid tier. Users can continue to access the features in a paid tier without sharing usage data.
+In GitLab versions 14.1 and later, free self-managed users running [GitLab EE](../ee_features.md) can receive paid features by registering with GitLab and sending us activity data through Service Ping. Features introduced here do not remove the feature from its paid tier. Users can continue to access the features in a paid tier without sharing usage data.
 
 #### Features available in 14.1 and later
 
@@ -609,3 +599,12 @@ To work around this bug, you have two options:
   1. Expand **Usage Statistics**.
   1. Clear the **Enable Service Ping** checkbox.
   1. Select **Save Changes**.
+
+## Related topics
+
+- [Product Intelligence Guide](https://about.gitlab.com/handbook/product/product-intelligence-guide/)
+- [Snowplow Guide](../snowplow/index.md)
+- [Product Intelligence Direction](https://about.gitlab.com/direction/product-intelligence/)
+- [Data Analysis Process](https://about.gitlab.com/handbook/business-technology/data-team/#data-analysis-process/)
+- [Data for Product Managers](https://about.gitlab.com/handbook/business-technology/data-team/programs/data-for-product-managers/)
+- [Data Infrastructure](https://about.gitlab.com/handbook/business-technology/data-team/platform/infrastructure/)

doc/user/packages/npm_registry/index.md

@@ -17,6 +17,10 @@ Only [scoped](https://docs.npmjs.com/misc/scope/) packages are supported.
 For documentation of the specific API endpoints that the npm package manager
 client uses, see the [npm API documentation](../../../api/packages/npm.md).
 
+WARNING:
+Never hardcode GitLab tokens (or any tokens) directly in `.npmrc` files or any other files that can
+be committed to a repository.
+
 ## Build an npm package
 
 This section covers how to install npm or Yarn and build a package for your
@@ -430,14 +434,16 @@ You can route package requests to organizations and users outside of GitLab.
 To do this, add lines to your `.npmrc` file. Replace `my-org` with the namespace or group that owns your project's repository,
 and use your organization's URL. The name is case-sensitive and must match the name of your group or namespace exactly.
 
+Use environment variables to set up your tokens: `export MY_TOKEN="<your token>"`.
+
 ```shell
 @foo:registry=https://gitlab.example.com/api/v4/packages/npm/
-//gitlab.example.com/api/v4/packages/npm/:_authToken= "<your_token>"
+//gitlab.example.com/api/v4/packages/npm/:_authToken=${MY_TOKEN}
-//gitlab.example.com/api/v4/projects/<your_project_id>/packages/npm/:_authToken= "<your_token>"
+//gitlab.example.com/api/v4/projects/<your_project_id>/packages/npm/:_authToken=${MY_TOKEN}
 
 @my-other-org:registry=https://gitlab.example.com/api/v4/packages/npm/
-//gitlab.example.com/api/v4/packages/npm/:_authToken= "<your_token>"
+//gitlab.example.com/api/v4/packages/npm/:_authToken=${MY_TOKEN}
-//gitlab.example.com/api/v4/projects/<your_project_id>/packages/npm/:_authToken= "<your_token>"
+//gitlab.example.com/api/v4/projects/<your_project_id>/packages/npm/:_authToken=${MY_TOKEN}
 ```
 
 ### npm metadata

lib/gitlab/content_security_policy/config_loader.rb

@@ -147,10 +147,7 @@ module Gitlab
       # Using 'self' in the CSP introduces several CSP bypass opportunities
       # for this reason we list the URLs where GitLab frames itself instead
       def self.allow_framed_gitlab_paths(directives)
-        # We need the version without trailing / for the sidekiq page itself
+        ['/admin/', '/assets/', '/-/speedscope/index.html'].map do |path|
-        # and we also need the version with trailing / for "deeper" pages
-        # like /admin/sidekiq/busy
-        ['/admin/sidekiq', '/admin/sidekiq/', '/-/speedscope/index.html'].map do |path|
           append_to_directive(directives, 'frame_src', Gitlab::Utils.append_path(Gitlab.config.gitlab.url, path))
         end
       end

spec/features/ide/clientside_preview_csp_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe 'IDE Clientside Preview CSP' do
   end
 
   it_behaves_like 'setting CSP', 'frame-src' do
-    let(:whitelisted_url) { 'https://sandbox.gitlab-static.test' }
+    let(:allowlisted_url) { 'https://sandbox.gitlab-static.test' }
     let(:extended_controller_class) { IdeController }
 
     subject do
@@ -23,7 +23,7 @@ RSpec.describe 'IDE Clientside Preview CSP' do
 
     before do
       stub_application_setting(web_ide_clientside_preview_enabled: true)
-      stub_application_setting(web_ide_clientside_preview_bundler_url: whitelisted_url)
+      stub_application_setting(web_ide_clientside_preview_bundler_url: allowlisted_url)
 
       sign_in(user)
     end

spec/features/ide/static_object_external_storage_csp_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe 'Static Object External Storage Content Security Policy' do
   end
 
   it_behaves_like 'setting CSP', 'connect-src' do
-    let_it_be(:whitelisted_url) { 'https://static-objects.test' }
+    let_it_be(:allowlisted_url) { 'https://static-objects.test' }
     let_it_be(:extended_controller_class) { IdeController }
 
     subject do
@@ -22,7 +22,7 @@ RSpec.describe 'Static Object External Storage Content Security Policy' do
     end
 
     before do
-      allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_url).and_return(whitelisted_url)
+      allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_url).and_return(allowlisted_url)
       allow_any_instance_of(ApplicationSetting).to receive(:static_objects_external_storage_auth_token).and_return('letmein')
 
       sign_in(user)

spec/features/projects/sourcegraph_csp_spec.rb

@@ -13,7 +13,8 @@ RSpec.describe 'Sourcegraph Content Security Policy' do
   end
 
   it_behaves_like 'setting CSP', 'connect-src' do
-    let_it_be(:whitelisted_url) { 'https://sourcegraph.test' }
+    let_it_be(:sourcegraph_url) { 'https://sourcegraph.test' }
+    let_it_be(:allowlisted_url) { "#{sourcegraph_url}/.api/" }
     let_it_be(:extended_controller_class) { Projects::BlobController }
 
     subject do
@@ -23,7 +24,7 @@ RSpec.describe 'Sourcegraph Content Security Policy' do
     end
 
     before do
-      allow(Gitlab::CurrentSettings).to receive(:sourcegraph_url).and_return(whitelisted_url)
+      allow(Gitlab::CurrentSettings).to receive(:sourcegraph_url).and_return(sourcegraph_url)
       allow(Gitlab::CurrentSettings).to receive(:sourcegraph_enabled).and_return(true)
 
       sign_in(user)

spec/frontend/diffs/components/diff_file_spec.js

@@ -3,7 +3,7 @@ import MockAdapter from 'axios-mock-adapter';
 import { nextTick } from 'vue';
 import Vuex from 'vuex';
 
-import DiffContentComponent from '~/diffs/components/diff_content.vue';
+import DiffContentComponent from 'jh_else_ce/diffs/components/diff_content.vue';
 import DiffFileComponent from '~/diffs/components/diff_file.vue';
 import DiffFileHeaderComponent from '~/diffs/components/diff_file_header.vue';
 

spec/lib/gitlab/content_security_policy/config_loader_spec.rb

@@ -85,7 +85,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
         expect(directives['style_src']).to eq("'self' 'unsafe-inline' https://cdn.example.com")
         expect(directives['font_src']).to eq("'self' https://cdn.example.com")
         expect(directives['worker_src']).to eq('http://localhost/assets/ blob: data: https://cdn.example.com')
-        expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " https://cdn.example.com http://localhost/admin/sidekiq http://localhost/admin/sidekiq/ http://localhost/-/speedscope/index.html")
+        expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " https://cdn.example.com http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html")
       end
     end
 
@@ -113,7 +113,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
         end
 
         it 'does not add CUSTOMER_PORTAL_URL to CSP' do
-          expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/admin/sidekiq http://localhost/admin/sidekiq/ http://localhost/-/speedscope/index.html")
+          expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html")
         end
       end
 
@@ -123,7 +123,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do
         end
 
         it 'adds CUSTOMER_PORTAL_URL to CSP' do
-          expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/rails/letter_opener/ https://customers.example.com http://localhost/admin/sidekiq http://localhost/admin/sidekiq/ http://localhost/-/speedscope/index.html")
+          expect(directives['frame_src']).to eq(::Gitlab::ContentSecurityPolicy::Directives.frame_src + " http://localhost/rails/letter_opener/ https://customers.example.com http://localhost/admin/ http://localhost/assets/ http://localhost/-/speedscope/index.html")
         end
       end
     end

spec/models/ci/runner_namespace_spec.rb

@@ -4,12 +4,6 @@ require 'spec_helper'
 
 RSpec.describe Ci::RunnerNamespace do
   it_behaves_like 'includes Limitable concern' do
-    before do
-      skip_default_enabled_yaml_check
-
-      stub_feature_flags(ci_runner_limits_override: false)
-    end
-
     subject { build(:ci_runner_namespace, group: create(:group, :nested), runner: create(:ci_runner, :group)) }
   end
 end

spec/models/ci/runner_project_spec.rb

@@ -4,12 +4,6 @@ require 'spec_helper'
 
 RSpec.describe Ci::RunnerProject do
   it_behaves_like 'includes Limitable concern' do
-    before do
-      skip_default_enabled_yaml_check
-
-      stub_feature_flags(ci_runner_limits_override: false)
-    end
-
     subject { build(:ci_runner_project, project: create(:project), runner: create(:ci_runner, :project)) }
   end
 end

spec/requests/api/ci/runner/runners_post_spec.rb

@@ -98,33 +98,14 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do
             before do
               create(:ci_runner, runner_type: :project_type, projects: [project], contacted_at: 1.second.ago)
               create(:plan_limits, :default_plan, ci_registered_project_runners: 1)
-
-              skip_default_enabled_yaml_check
-              stub_feature_flags(ci_runner_limits_override: ci_runner_limits_override)
             end
 
-            context 'with ci_runner_limits_override FF disabled' do
+            it 'does not create runner' do
-              let(:ci_runner_limits_override) { false }
+              request
 
-              it 'does not create runner' do
+              expect(response).to have_gitlab_http_status(:bad_request)
-                request
+              expect(json_response['message']).to include('runner_projects.base' => ['Maximum number of ci registered project runners (1) exceeded'])
-
+              expect(project.runners.reload.size).to eq(1)
-                expect(response).to have_gitlab_http_status(:bad_request)
-                expect(json_response['message']).to include('runner_projects.base' => ['Maximum number of ci registered project runners (1) exceeded'])
-                expect(project.runners.reload.size).to eq(1)
-              end
-            end
-
-            context 'with ci_runner_limits_override FF enabled' do
-              let(:ci_runner_limits_override) { true }
-
-              it 'creates runner' do
-                request
-
-                expect(response).to have_gitlab_http_status(:created)
-                expect(json_response['message']).to be_nil
-                expect(project.runners.reload.size).to eq(2)
-              end
             end
           end
 
@@ -132,9 +113,6 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do
             before do
               create(:ci_runner, runner_type: :project_type, projects: [project], created_at: 14.months.ago, contacted_at: 13.months.ago)
               create(:plan_limits, :default_plan, ci_registered_project_runners: 1)
-
-              skip_default_enabled_yaml_check
-              stub_feature_flags(ci_runner_limits_override: false)
             end
 
             it 'creates runner' do
@@ -204,33 +182,14 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do
             before do
               create(:ci_runner, runner_type: :group_type, groups: [group], contacted_at: nil, created_at: 1.month.ago)
               create(:plan_limits, :default_plan, ci_registered_group_runners: 1)
-
-              skip_default_enabled_yaml_check
-              stub_feature_flags(ci_runner_limits_override: ci_runner_limits_override)
             end
 
-            context 'with ci_runner_limits_override FF disabled' do
+            it 'does not create runner' do
-              let(:ci_runner_limits_override) { false }
+              request
 
-              it 'does not create runner' do
+              expect(response).to have_gitlab_http_status(:bad_request)
-                request
+              expect(json_response['message']).to include('runner_namespaces.base' => ['Maximum number of ci registered group runners (1) exceeded'])
-
+              expect(group.runners.reload.size).to eq(1)
-                expect(response).to have_gitlab_http_status(:bad_request)
-                expect(json_response['message']).to include('runner_namespaces.base' => ['Maximum number of ci registered group runners (1) exceeded'])
-                expect(group.runners.reload.size).to eq(1)
-              end
-            end
-
-            context 'with ci_runner_limits_override FF enabled' do
-              let(:ci_runner_limits_override) { true }
-
-              it 'creates runner' do
-                request
-
-                expect(response).to have_gitlab_http_status(:created)
-                expect(json_response['message']).to be_nil
-                expect(group.runners.reload.size).to eq(2)
-              end
             end
           end
 
@@ -239,9 +198,6 @@ RSpec.describe API::Ci::Runner, :clean_gitlab_redis_shared_state do
               create(:ci_runner, runner_type: :group_type, groups: [group], created_at: 4.months.ago, contacted_at: 3.months.ago)
               create(:ci_runner, runner_type: :group_type, groups: [group], contacted_at: nil, created_at: 4.months.ago)
               create(:plan_limits, :default_plan, ci_registered_group_runners: 1)
-
-              skip_default_enabled_yaml_check
-              stub_feature_flags(ci_runner_limits_override: false)
             end
 
             it 'creates runner' do

spec/requests/api/ci/runners_spec.rb

@@ -1101,31 +1101,13 @@ RSpec.describe API::Ci::Runners do
           context 'when it exceeds the application limits' do
             before do
               create(:plan_limits, :default_plan, ci_registered_project_runners: 1)
-
-              skip_default_enabled_yaml_check
-              stub_feature_flags(ci_runner_limits_override: ci_runner_limits_override)
             end
 
-            context 'with ci_runner_limits_override FF disabled' do
+            it 'does not enable specific runner' do
-              let(:ci_runner_limits_override) { false }
+              expect do
-
+                post api("/projects/#{project.id}/runners", admin), params: { runner_id: new_project_runner.id }
-              it 'does not enable specific runner' do
+              end.not_to change { project.runners.count }
-                expect do
+              expect(response).to have_gitlab_http_status(:bad_request)
-                  post api("/projects/#{project.id}/runners", admin), params: { runner_id: new_project_runner.id }
-                end.not_to change { project.runners.count }
-                expect(response).to have_gitlab_http_status(:bad_request)
-              end
-            end
-
-            context 'with ci_runner_limits_override FF enabled' do
-              let(:ci_runner_limits_override) { true }
-
-              it 'enables specific runner' do
-                expect do
-                  post api("/projects/#{project.id}/runners", admin), params: { runner_id: new_project_runner.id }
-                end.to change { project.runners.count }
-                expect(response).to have_gitlab_http_status(:created)
-              end
             end
           end
         end

spec/support/shared_examples/csp.rb

@@ -28,7 +28,7 @@ RSpec.shared_examples 'setting CSP' do |rule_name|
 
     context 'when feature is enabled' do
       it "appends to #{rule_name}" do
-        is_expected.to eql("#{rule_name} #{default_csp_values} #{whitelisted_url}")
+        is_expected.to eql("#{rule_name} #{default_csp_values} #{allowlisted_url}")
       end
     end
 
@@ -46,7 +46,7 @@ RSpec.shared_examples 'setting CSP' do |rule_name|
 
     context 'when feature is enabled' do
       it "uses default-src values in #{rule_name}" do
-        is_expected.to eql("default-src #{default_csp_values}; #{rule_name} #{default_csp_values} #{whitelisted_url}")
+        is_expected.to eql("default-src #{default_csp_values}; #{rule_name} #{default_csp_values} #{allowlisted_url}")
       end
     end
 
@@ -64,7 +64,7 @@ RSpec.shared_examples 'setting CSP' do |rule_name|
 
     context 'when feature is enabled' do
       it "uses default-src values in #{rule_name}" do
-        is_expected.to eql("font-src #{default_csp_values}; #{rule_name} #{whitelisted_url}")
+        is_expected.to eql("font-src #{default_csp_values}; #{rule_name} #{allowlisted_url}")
       end
     end