Reduces the attack surface by limiting sites that can initiate a
cross-domain request to sub-domains of the domain on which the operator
server is running.
Debated originally, but was attempting to allow operator to run on
different domain from request origin and handle multiple origins. This
does not work in practice since openSUSE and SUSE https certs are not
present on same machine. As such, host works better since it allows for
non-cross-origin requests to work without having to specify an apiurl
in startup arguments.
