diff --git a/src/gateway/origin-check.test.ts b/src/gateway/origin-check.test.ts
index e0dd33a80f2..0797d6c4066 100644
--- a/src/gateway/origin-check.test.ts
+++ b/src/gateway/origin-check.test.ts
@@ -60,4 +60,31 @@ describe("checkBrowserOrigin", () => {
     });
     expect(result.ok).toBe(false);
   });
+
+  it('accepts any origin when allowedOrigins includes "*" (regression: #30990)', () => {
+    const result = checkBrowserOrigin({
+      requestHost: "100.86.79.37:18789",
+      origin: "https://100.86.79.37:18789",
+      allowedOrigins: ["*"],
+    });
+    expect(result.ok).toBe(true);
+  });
+
+  it('accepts any origin when allowedOrigins includes "*" alongside specific entries', () => {
+    const result = checkBrowserOrigin({
+      requestHost: "gateway.tailnet.ts.net:18789",
+      origin: "https://gateway.tailnet.ts.net:18789",
+      allowedOrigins: ["https://control.example.com", "*"],
+    });
+    expect(result.ok).toBe(true);
+  });
+
+  it('accepts wildcard entries with surrounding whitespace', () => {
+    const result = checkBrowserOrigin({
+      requestHost: "100.86.79.37:18789",
+      origin: "https://100.86.79.37:18789",
+      allowedOrigins: [" * "],
+    });
+    expect(result.ok).toBe(true);
+  });
 });