Revert "Enforce websocket origin allowlist with secure-mode config"

This reverts commit cf30229b37.
2026-02-28 04:52:44 -05:00
parent cf30229b37
commit 027f04e58d
9 changed files with 1 additions and 87 deletions
--- a/README.md
+++ b/README.md
@@ -26,7 +26,6 @@ npm run dev
 Notes:
 - Server defaults to `config.toml` when present.
 - Server bind/port defaults are `127.0.0.1:8765` unless changed in config or CLI flags.
- Server websocket origin checks use `network.allowed_origins`; in secure mode (`allow_insecure_ws=false`), configure your real `https://` site origins.
 - Client dev defaults to Vite local host/port (`localhost:5173`) unless flags override.
 - Auth requires `CHGRID_AUTH_SECRET` in server environment; `deploy/scripts/install_server.sh` creates `server/.env` with this value automatically if missing.
 - Saved login/session persistence uses a server-set `HttpOnly` cookie (`chgrid_session_token`).