Remove the GRIST_ALLOWED_HOSTS environment variable (#899)

This mostly reverts commit 49b1749e98.

test/server/lib/DocApi.ts

@@ -4865,23 +4865,6 @@ function testDocApi() {
   });
 
   describe("Allowed Origin", () => {
-    it('should allow only example.com', async () => {
-      async function checkOrigin(origin: string, allowed: boolean) {
-        const resp = await axios.get(`${serverUrl}/api/docs/${docIds.Timesheets}/tables/Table1/data`,
-          {...chimpy, headers: {...chimpy.headers, "Origin": origin}}
-        );
-        assert.equal(resp.headers['access-control-allow-credentials'], allowed ? 'true' : undefined);
-        assert.equal(resp.status, allowed ? 200 : 403);
-      }
-
-      await checkOrigin("https://www.toto.com", false);
-      await checkOrigin("https://badexample.com", false);
-      await checkOrigin("https://bad.com/example.com/toto", false);
-      await checkOrigin("https://example.com/path", true);
-      await checkOrigin("https://example.com:3000/path", true);
-      await checkOrigin("https://good.example.com/toto", true);
-    });
-
     it("should respond with correct CORS headers", async function () {
       const wid = await getWorkspaceId(userApi, 'Private');
       const docId = await userApi.newDoc({name: 'CorsTestDoc'}, wid);

test/server/lib/helpers/TestServer.ts

@@ -49,7 +49,6 @@ export class TestServer {
       GRIST_PORT: '0',
       GRIST_DISABLE_S3: 'true',
       REDIS_URL: process.env.TEST_REDIS_URL,
-      GRIST_ALLOWED_HOSTS: `example.com,localhost`,
       GRIST_TRIGGER_WAIT_DELAY: '100',
       // this is calculated value, some tests expect 4 attempts and some will try 3 times
       GRIST_TRIGGER_MAX_ATTEMPTS: '4',