There is no reason to maintain a "upload by url" whitelist instead of a blacklist considering that there should not be any technical difficulties (except bug 42473 ).
Furthermore only trusted community members (e.g. administrators) are granted the "upload_by_url" right so this is not a problem as well.
Version: 1.23.0
Severity: enhancement
See Also:
T47735: Allow other domains in $wgCopyUploadsDomains to enable full support of upload_by_url