You now have the option to whitelist the domain where your customers will be redirected to (after their customer portal login is successful), on your own. By doing so, only those return and cancel URLs matching the whitelisted domain will be allowed for portal authentication, thus preventing phishing attacks from malicious websites.
To whitelist a return URL domain, you just have to specify the domain name of your website without a http or https prefix. For example, If the return URL is https://your-domain.com/list_products, then you'll have to enter your-domain.com as the whitelisted domain.
Only merchants who're using Chargebee's customer portal authentication option for managing their customer logins need to configure this option.