From d7ae61c4120d3493e458ac6d0d1d1e840bec3c5f Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Mon, 2 Mar 2026 17:45:20 +0000
Subject: [PATCH] test(gateway): fix trusted-proxy control-ui auth test origin
 config

---
 src/gateway/server.auth.test.ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/gateway/server.auth.test.ts b/src/gateway/server.auth.test.ts
index 3cfdcb2662e..fe4bc550949 100644
--- a/src/gateway/server.auth.test.ts
+++ b/src/gateway/server.auth.test.ts
@@ -216,6 +216,9 @@ async function configureTrustedProxyControlUiAuth() {
   await writeConfigFile({
     gateway: {
       trustedProxies: ["127.0.0.1"],
+      controlUi: {
+        allowedOrigins: ["https://localhost"],
+      },
     },
     // oxlint-disable-next-line typescript/no-explicit-any
   } as any);
@@ -1023,12 +1026,18 @@ describe("gateway server auth/connect", () => {
   });
 
   test("does not bypass pairing for control ui device identity when insecure auth is enabled", async () => {
-    testState.gatewayControlUi = { allowInsecureAuth: true };
+    testState.gatewayControlUi = {
+      allowInsecureAuth: true,
+      allowedOrigins: ["https://localhost"],
+    };
     testState.gatewayAuth = { mode: "token", token: "secret" };
     const { writeConfigFile } = await import("../config/config.js");
     await writeConfigFile({
       gateway: {
         trustedProxies: ["127.0.0.1"],
+        controlUi: {
+          allowedOrigins: ["https://localhost"],
+        },
       },
       // oxlint-disable-next-line typescript/no-explicit-any
     } as any);