From 624b187b192876de1a59a6f6b26fe11062db072c Mon Sep 17 00:00:00 2001
From: Cristian Maglie <c.maglie@bug.st>
Date: Mon, 3 Nov 2025 18:35:42 +0100
Subject: [PATCH] fix: Use a valid origin in the config check for websockets

---
 internal/api/handlers/monitor.go      | 2 +-
 internal/api/handlers/monitor_test.go | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/api/handlers/monitor.go b/internal/api/handlers/monitor.go
index f1c357fa..5aaf8f4d 100644
--- a/internal/api/handlers/monitor.go
+++ b/internal/api/handlers/monitor.go
@@ -128,7 +128,7 @@ func checkOrigin(origin string, allowedOrigins []string) bool {
 
 func HandleMonitorWS(allowedOrigins []string) http.HandlerFunc {
 	// Do a dry-run of checkorigin, so it can panic if misconfigured now, not on first request
-	_ = checkOrigin("http://example.com:8000", allowedOrigins)
+	_ = checkOrigin("http://localhost", allowedOrigins)
 
 	upgrader := websocket.Upgrader{
 		ReadBufferSize:  1024,
diff --git a/internal/api/handlers/monitor_test.go b/internal/api/handlers/monitor_test.go
index 3f02e676..e54c7f24 100644
--- a/internal/api/handlers/monitor_test.go
+++ b/internal/api/handlers/monitor_test.go
@@ -41,6 +41,7 @@ func TestCheckOrigin(t *testing.T) {
 	allow("wails://wails")
 	allow("wails://wails:8000")
 	allow("http://wails.localhost")
+	allow("http://localhost")
 	allow("http://example.com:7000")
 	allow("https://blah.com:443")
 	deny("wails://evil.com")