diff --git a/src/daemon/config.js b/src/daemon/config.js
index 0c109ce2c..7ea1eb67d 100644
--- a/src/daemon/config.js
+++ b/src/daemon/config.js
@@ -99,55 +99,6 @@ function migrateConfig (ipfsd) { store.set(REVISION_KEY, REVISION) } -// Check for * and webui://- in allowed origins on API headers. -// The wildcard was a ipfsd-ctl default, that we don't want, and -// webui://- was an earlier experiement that should be cleared out. -// -// We remove them the first time we find them. If we find it again on subsequent -// runs then we leave them in, under the assumption that you really want it. -// TODO: show warning in UI when wildcard is in the allowed origins. -function checkCorsConfig (ipfsd) { - if (store.get('checkedCorsConfig')) { - // We've already checked so skip it. - return - } - - let config = null - - try { - config = readConfigFile(ipfsd) - } catch (err) { - // This is a best effort check, dont blow up here, that should happen else where. - // TODO: gracefully handle config errors elsewhere! - logger.error(`[daemon] checkCorsConfig: error reading config file: ${err.message || err}`) - return - } - - if (config.API && config.API.HTTPHeaders && config.API.HTTPHeaders['Access-Control-Allow-Origin']) { - const allowedOrigins = config.API.HTTPHeaders['Access-Control-Allow-Origin'] - const originsToRemove = ['*', 'webui://-'] - - if (Array.isArray(allowedOrigins)) { - const specificOrigins = allowedOrigins.filter(origin => !originsToRemove.includes(origin)) - - if (specificOrigins.length !== allowedOrigins.length) { - config.API.HTTPHeaders['Access-Control-Allow-Origin'] = specificOrigins - - try { - writeConfigFile(ipfsd, config) - store.set('updatedCorsConfig', Date.now()) - } catch (err) { - logger.error(`[daemon] checkCorsConfig: error writing config file: ${err.message || err}`) - // don't skip setting checkedCorsConfig so we try again next time time. - return - } - } - } - } - - store.set('checkedCorsConfig', true) -} - const parseCfgMultiaddr = (addr) => (addr.includes('/http') ? multiaddr(addr) : multiaddr(addr).encapsulate('/http') 
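Review bot: With `checkCorsConfig` deleted here and its call dropped from `spawn` in src/daemon/daemon.js, nothing visible in this diff removes or even reports a `*` entry in `API.HTTPHeaders['Access-Control-Allow-Origin']`, which the removed e2e test itself describes as allowing global access to the API. The deleted TODO about warning in the UI goes with it, so an existing repo that still carries the wildcard starts without any signal. If the one-time cleanup is no longer wanted, a read-only check that leaves the config file untouched would keep the detection, for example `if (Array.isArray(allowedOrigins) && allowedOrigins.includes('*')) logger.error('[daemon] API Access-Control-Allow-Origin contains "*"')`. The reason for the removal is not stated on the page; a comment next to `migrateConfig(ipfsd)` in `spawn` such as `// CORS origins are no longer sanitized on startup; wildcard entries are left as configured` would record it. The `checkedCorsConfig` and `updatedCorsConfig` store keys are also left behind, presumably harmless but unused after this change.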
@@ -325,6 +276,5 @@ module.exports = Object.freeze({ rmApiFile, applyDefaults, migrateConfig, - checkCorsConfig, checkPorts }) diff --git a/src/daemon/daemon.js b/src/daemon/daemon.js index d94fbe39b..941c10758 100644 --- a/src/daemon/daemon.js +++ b/src/daemon/daemon.js @@ -3,7 +3,7 @@ const i18n = require('i18next') const { showDialog } = require('../dialogs') const logger = require('../common/logger') const { getCustomBinary } = require('../custom-ipfs-binary') -const { applyDefaults, migrateConfig, checkCorsConfig, checkPorts, configExists, rmApiFile, apiFileExists } = require('./config') +const { applyDefaults, migrateConfig, checkPorts, configExists, rmApiFile, apiFileExists } = require('./config') const showMigrationPrompt = require('./migration-prompt') function cannotConnectDialog (addr) { @@ -42,7 +42,6 @@ async function spawn ({ flags, path }) { if (configExists(ipfsd)) { migrateConfig(ipfsd) - checkCorsConfig(ipfsd) return { ipfsd, isRemote: false } } diff --git a/test/e2e/launch.e2e.test.js b/test/e2e/launch.e2e.test.js index cb845ddf1..4ae2c6ce2 100644 --- a/test/e2e/launch.e2e.test.js +++ b/test/e2e/launch.e2e.test.js 
@@ -106,46 +106,6 @@ test.describe.serial('Application launch', async () => { expect(config.Discovery.MDNS.Enabled).toBeTruthy() }) - test('fixes cors config if access to "*" is granted', async () => { - // create config - const { repoPath, configPath, peerId: expectedId } = await makeRepository({ start: false }) - let config = fs.readJsonSync(configPath) - - // pretend someone set dangerous "*" (allowing global access to API) - // Note: '*' is the default when running ipfsd-ctl with test=true, but we set it here just to be sure - config.API.HTTPHeaders['Access-Control-Allow-Origin'] = ['*'] - fs.writeJsonSync(configPath, config, { spaces: 2 }) - - const { app } = await startApp({ repoPath }) - const { peerId } = await daemonReady(app) - expect(peerId).toBe(expectedId) - - // ensure app has enabled cors checking - config = fs.readJsonSync(configPath) - expect(config.API.HTTPHeaders['Access-Control-Allow-Origin']).toEqual([]) - }) - - test('fixes cors config with multiple allowed origins', async () => { - // create preexisting, initialized repo and config - const { repoPath, configPath, peerId: expectedId } = await makeRepository({ start: false }) - - // setup CORS config for the test - const initConfig = fs.readJsonSync(configPath) - // update origins to include multiple entries, including wildcard. 
- const newOrigins = ['https://webui.ipfs.io', '*'] - initConfig.API.HTTPHeaders['Access-Control-Allow-Origin'] = newOrigins - fs.writeJsonSync(configPath, initConfig, { spaces: 2 }) - - const { app } = await startApp({ repoPath }) - const { peerId } = await daemonReady(app) - expect(peerId).toBe(expectedId) - - const config = fs.readJsonSync(configPath) - // ensure app has enabled cors checking - const specificOrigins = newOrigins.filter(origin => origin !== '*') - expect(config.API.HTTPHeaders['Access-Control-Allow-Origin']).toEqual(specificOrigins) - }) - test('starts with repository with "IPFS_PATH/api" file and no daemon running', async () => { // create "remote" repo const { ipfsd } = await makeRepository({ start: true })