Revert "Enforce websocket origin allowlist with secure-mode config"

This reverts commit cf30229b37.
2026-02-28 04:52:44 -05:00
parent cf30229b37
commit 027f04e58d
9 changed files with 1 additions and 87 deletions
--- a/server/config.example.toml
+++ b/server/config.example.toml
@@ -9,10 +9,6 @@ port = 8765
 max_message_bytes = 2000000
 # Secure-by-default: TLS is required unless you explicitly set this to true for local/dev.
 allow_insecure_ws = false
-# Allowed websocket request Origin values.
-# Production: list your deployed https web origins explicitly.
-# Local/dev: when allow_insecure_ws=true and this list is empty, localhost defaults are used.
-allowed_origins = ["https://bestmidi.com", "https://www.bestmidi.com"]

 [tls]
 # Required when allow_insecure_ws = false.