Remove this Origin check, please!

I'm hoping this old comment can be addressed now?

Which affects this code:

As far as I can tell, there is no current documentation that mentions use of anything other than the APP_BASE_URL environment variable. Even though the code does use USER_CONTENT_BASE_URL and API_BASE_URL. Maybe the easy/safe fix is to specify that the origin is valid if none of the other base url environment variables are specified? That way this code will continue to function as designed when different domains are used.

Yes! Please allow to REMOVE/DISABLE origin check. This is making many problems.