The origin headers should be verified, and the verifying policy (while able to override via command line) should be same-domain.
The origin headers should be verified, and the verifying policy (while able to override via command line) should be same-domain.