diff --git a/integration/caching_test.js b/integration/caching_test.js
index 92ef35b87521241d2aefdb0c99233eb18d0847c0..4634526f19385020890b5de32a55611d14faaca8 100644
--- a/integration/caching_test.js
+++ b/integration/caching_test.js
@@ -30,7 +30,7 @@ describe('File caching service', function () {
   let app, pubClient
 
   beforeEach(async function () {
-    await mockConfig({ baseUrls: ['http://ui-server'] })
+    await mockConfig({ baseUrls: ['http://ui-server/'] })
     mockFetch({
       'http://ui-server': {
         '/manifest.json': generateSimpleViteManifest({
@@ -62,7 +62,7 @@ describe('File caching service', function () {
     const version = response.headers.version
 
     const { client } = await import('../src/redis.js')
-    expect(await client.get(getRedisKey({ version, name: 'viteManifests' }))).to.equal('{"index.html":{"file":"index.html","meta":{"baseUrl":"http://ui-server"}}}')
+    expect(await client.get(getRedisKey({ version, name: 'viteManifests' }))).to.equal('{"index.html":{"file":"index.html","meta":{"baseUrl":"http://ui-server/"}}}')
     const redisData = await client.getBuffer(getRedisKey({ version, name: 'oxManifests:body' }))
     expect(zlib.brotliDecompressSync(redisData || '').toString()).to.equal('[]')
   })
@@ -95,9 +95,4 @@ describe('File caching service', function () {
     const response2 = await app.inject({ url: '/demo.js', headers: { version } })
     expect(response2.statusCode).to.equal(200)
   })
-
-  it('does not fetch from origins not defined in baseUrls', async function () {
-    const response = await app.inject({ url: '//t989be0.netlify.app/xss.html' })
-    expect(response.statusCode).to.equal(400)
-  })
 })
diff --git a/integration/config_test.js b/integration/config_test.js
index 2a69ee88967b179971a69758ad8573fd96a9902e..b8f2c7230f632e4322bf6be8b0246699a0c31392 100644
--- a/integration/config_test.js
+++ b/integration/config_test.js
@@ -32,7 +32,7 @@ describe('Configuration', function () {
   beforeEach(async function () {
     // need to set the redis-prefix. Otherwise, the bull workers will interfere
     process.env.REDIS_PREFIX = Math.random().toString()
-    await mockConfig(config = { baseUrls: ['http://ui-server'] })
+    await mockConfig(config = { baseUrls: ['http://ui-server/'] })
     mockFetch({
       'http://ui-server': {
         '/manifest.json': generateSimpleViteManifest({
diff --git a/integration/update-version_test.js b/integration/update-version_test.js
index d1673c95aa60450a235acb47d7f7f13f6085bea0..3e154dc887d93fd6386fb198591f09d4e19ca1bf 100644
--- a/integration/update-version_test.js
+++ b/integration/update-version_test.js
@@ -33,7 +33,7 @@ describe('Updates the version', function () {
   beforeEach(async function () {
     // need to set the redis-prefix. Otherwise, the bull workers will interfere
     process.env.REDIS_PREFIX = Math.random().toString()
-    await mockConfig({ baseUrls: ['http://ui-server'] })
+    await mockConfig({ baseUrls: ['http://ui-server/'] })
     mockFetch({
       'http://ui-server': {
         '/manifest.json': generateSimpleViteManifest({
@@ -109,7 +109,7 @@ describe('Updates the version', function () {
       td.reset()
       // need to set the redis-prefix. Otherwise, the bull workers will interfere
       process.env.REDIS_PREFIX = Math.random().toString()
-      await mockConfig({ baseUrls: ['http://ui-server'] })
+      await mockConfig({ baseUrls: ['http://ui-server/'] })
       mockFetch({
         'http://ui-server': {
           '/manifest.json': generateSimpleViteManifest({
diff --git a/spec/app_root_test.js b/spec/app_root_test.js
index ddb3d8b1c252a0b25dbc4d96b4b5f053a4915142..9de7bc005f0dffe06b1b787bf9338004c9d7901c 100644
--- a/spec/app_root_test.js
+++ b/spec/app_root_test.js
@@ -29,7 +29,7 @@ describe('With different app root', function () {
   let app
 
   beforeEach(async function () {
-    await mockConfig({ baseUrls: ['http://ui-server'] })
+    await mockConfig({ baseUrls: ['http://ui-server/'] })
     const { client } = await mockRedis()
     mockFetch({
       'http://ui-server': {
diff --git a/spec/file_caching_test.js b/spec/file_caching_test.js
index ff747080128814e7aa16941eb39c8b742e81ae1f..e9e68e9cd50453da4438c92d9a31edc08673b64c 100644
--- a/spec/file_caching_test.js
+++ b/spec/file_caching_test.js
@@ -37,7 +37,7 @@ describe('File caching service', function () {
   let redis
 
   beforeEach(async function () {
-    await mockConfig({ baseUrls: ['http://ui-server'] })
+    await mockConfig({ baseUrls: ['http://ui-server/'] })
     redis = await mockRedis()
     mockFetch({
       'http://ui-server': {}
@@ -273,9 +273,4 @@ describe('File caching service', function () {
     // check for files in redis
     expect(await redis.client.getBuffer('ui-middleware:554855300:/file.svg:body')).to.deep.equal(response.rawPayload)
   })
-
-  it('does not fetch from origins not defined in baseUrls', async function () {
-    const response = await app.inject({ url: '//t989be0.netlify.app/xss.html' })
-    expect(response.statusCode).to.equal(400)
-  })
 })
diff --git a/spec/redirect_test.js b/spec/redirect_test.js
index 03556d742f5311a1c44c383ae5499e6aac7e1518..04cbefc906a0890a5d1a6f5ca986da003fece5f8 100644
--- a/spec/redirect_test.js
+++ b/spec/redirect_test.js
@@ -29,7 +29,7 @@ describe('Redirects', function () {
   let app
 
   before(async function () {
-    await mockConfig({ baseUrls: ['http://ui-server'] })
+    await mockConfig({ baseUrls: ['http://ui-server/'] })
     await mockRedis()
     mockFetch({
       'http://ui-server': {
diff --git a/spec/salt_test.js b/spec/salt_test.js
index 28a462113ea32953498663465fa7f003a9edb42a..bff60e3971964fe1898076be870ef60475fd38a6 100644
--- a/spec/salt_test.js
+++ b/spec/salt_test.js
@@ -30,7 +30,7 @@ describe('Salt', function () {
   let config
 
   beforeEach(async function () {
-    await mockConfig(config = { baseUrls: ['http://ui-server'] })
+    await mockConfig(config = { baseUrls: ['http://ui-server/'] })
     await mockRedis()
     mockFetch({
       'http://ui-server': {
diff --git a/spec/server_test.js b/spec/server_test.js
index b539722446eba2027623fb65a0fe230f6fc9f50a..fe50fcabe9dd2a4b6e1243651923d01317f11d9b 100644
--- a/spec/server_test.js
+++ b/spec/server_test.js
@@ -30,7 +30,7 @@ describe('UI Middleware', function () {
   let fetchConfig
 
   beforeEach(async function () {
-    await mockConfig({ baseUrls: ['http://ui-server'] })
+    await mockConfig({ baseUrls: ['http://ui-server/'] })
     await mockRedis()
     mockFetch(fetchConfig = {
       'http://ui-server': {
@@ -77,7 +77,7 @@ describe('UI Middleware', function () {
 
   describe('multiple configurations', function () {
     beforeEach(async function () {
-      await mockConfig({ baseUrls: ['http://ui-server', 'http://ui-server2'] })
+      await mockConfig({ baseUrls: ['http://ui-server/', 'http://ui-server2/'] })
       fetchConfig['http://ui-server2'] = {
         '/manifest.json': generateSimpleViteManifest({ 'example2.js': 'thing' }),
         '/example2.js': ''
diff --git a/spec/util.js b/spec/util.js
index 964b1dabdb32985b1070eeb27e95a562a141dd7e..1e7a9511662e3f74237d6d62b13662062a8b2086 100644
--- a/spec/util.js
+++ b/spec/util.js
@@ -60,12 +60,7 @@ export function mockConfig (obj = {}) {
 export function mockFetch (servers = {}) {
   td.replace(global, 'fetch', async function ({ origin, pathname }, ...args) {
     const response = servers[origin]?.[pathname]
-    if (response === undefined) {
-      if (origin === 'http://t989be0.netlify.app') {
-        return new Response('<html><code>Proof of Concept</code><script>alert(document.domain)</script></html>', { status: 200, headers: { 'Content-Type': 'text/html' } })
-      }
-      return new Response('', { status: 404 })
-    }
+    if (response === undefined) return new Response('', { status: 404 })
     if (response instanceof Function) return response.apply(this, arguments)
 
     if (typeof response === 'object') {
diff --git a/spec/version_mismatches_test.js b/spec/version_mismatches_test.js
index 9502632226857b9ead8d8a3f8adc336aabe1003c..278d505603892416ddb8c1e0c685e986836cefec 100644
--- a/spec/version_mismatches_test.js
+++ b/spec/version_mismatches_test.js
@@ -32,7 +32,7 @@ describe('version mismatches', function () {
   let runUpdate
 
   beforeEach(async function () {
-    await mockConfig({ baseUrls: ['http://ui-server'] })
+    await mockConfig({ baseUrls: ['http://ui-server/'] })
     const { createClient } = await mockRedis()
     mockFetch({
       'http://ui-server': {
diff --git a/src/errors.js b/src/errors.js
index 45ff12f6a51c5d94870143fd292fb31afec5ef45..5b63080636027b67e7942d5ccf5ae9de95eac329 100644
--- a/src/errors.js
+++ b/src/errors.js
@@ -27,13 +27,6 @@ export class NotFoundError extends Error {
   }
 }
 
-export class NotAllowedOriginError extends Error {
-  constructor (message, options = {}) {
-    super(message, options)
-    this.status = options.status
-  }
-}
-
 export class VersionMismatchError extends Error {}
 
 /**
@@ -55,8 +48,3 @@ export function isNotFoundError (err) {
   const errors = err instanceof AggregateError ? err.errors : [err]
   return errors.some(error => error instanceof NotFoundError)
 }
-
-export function isNotAllowedOriginError (err) {
-  const errors = err instanceof AggregateError ? err.errors : [err]
-  return errors.some(error => error instanceof NotAllowedOriginError)
-}
diff --git a/src/files.js b/src/files.js
index e0f749f2b383e260a16f47aa63f2067ec6bd9150..41e47eee5ab1d0ce2eae7275524d32df8dbe7012 100644
--- a/src/files.js
+++ b/src/files.js
@@ -25,7 +25,7 @@ import { promisify } from 'node:util'
 import zlib from 'node:zlib'
 import * as cache from './cache.js'
 import { configMap } from './config_map.js'
-import { NotAllowedOriginError, NotFoundError, VersionMismatchError, isVersionMismatchError } from './errors.js'
+import { NotFoundError, VersionMismatchError, isVersionMismatchError } from './errors.js'
 import logger from './logger.js'
 import { getCSSDependenciesFor, getViteManifests } from './manifests.js'
 import { getVersionInfo } from './version.js'
@@ -38,12 +38,8 @@ const compressionMimeTypes = (process.env.COMPRESS_FILE_TYPES || '').replace(/([
 const compressionWhitelistRegex = new RegExp(`^(${compressionMimeTypes.join('|')})($|;)`, 'i')
 
 export async function fetchFileWithHeadersFromBaseUrl ({ path, baseUrl, version }) {
-  const upstreamUrl = new URL(path, baseUrl)
-  if (upstreamUrl.origin !== baseUrl) {
-    throw new NotAllowedOriginError('This origin is not allowed', { status: 400 })
-  }
   const [response, dependencies] = await Promise.all([
-    fetch(upstreamUrl, { cache: 'no-store' }),
+    fetch(new URL(path, baseUrl), { cache: 'no-store' }),
     nodePath.extname(path) === '.js' && getCSSDependenciesFor({ file: path.substr(1), version })
   ])
 
diff --git a/src/routes/serve-files.js b/src/routes/serve-files.js
index 12f9544f9d468442b963f7e173b3d0bc8cb10c0a..fd8cfb7cd42df4e30fd2157d3bc40c33f87c2b54 100644
--- a/src/routes/serve-files.js
+++ b/src/routes/serve-files.js
@@ -21,7 +21,7 @@
  */
 
 import { getFile } from '../files.js'
-import { isNotAllowedOriginError, isNotFoundError, isVersionMismatchError } from '../errors.js'
+import { isNotFoundError, isVersionMismatchError } from '../errors.js'
 
 export default async function serveFilePlugin (fastify, options) {
   fastify.get('*', async (req, reply) => {
@@ -35,7 +35,6 @@ export default async function serveFilePlugin (fastify, options) {
       reply.send(body)
     } catch (err) {
       if (isNotFoundError(err) || isVersionMismatchError(err)) throw fastify.httpErrors.createError(404, `File "${req.urlData('path')}" does not exist.`, err)
-      if (isNotAllowedOriginError(err)) throw fastify.httpErrors.createError(400, err)
       throw fastify.httpErrors.createError(err.statusCode || 500, err)
     }
   })