diff --git a/env b/env
index 81b53135a..2e376463b 100644
--- a/env
+++ b/env
@@ -1,5 +1,6 @@
 export FLASK_APP="/rDrama/files/cli:app"
 export SITE="localhost"
+export SITE_HOSTS="localhost,127.0.0.1"
 export SITE_NAME="rDrama"
 export SECRET_KEY="blahblahblah"
 export DATABASE_URL="postgresql://postgres@localhost:5432"
diff --git a/files/__main__.py b/files/__main__.py
index 57681be0b..1bb0482f5 100644
--- a/files/__main__.py
+++ b/files/__main__.py
@@ -24,10 +24,11 @@ app.jinja_env.auto_reload = True
 app.jinja_env.add_extension('jinja2.ext.do')
 faulthandler.enable()
-app.config['SECRET_KEY'] = environ.get('SECRET_KEY').strip()
 SITE = environ.get("SITE").strip()
+SITE_HOSTS = environ.get("SITE_HOSTS").split(',')
+
+app.config['SECRET_KEY'] = environ.get('SECRET_KEY').strip()
 app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 3153600
-app.config['SESSION_COOKIE_DOMAIN'] = SITE
 app.config["SESSION_COOKIE_NAME"] = "session_" + environ.get("SITE_NAME").strip().lower()
 app.config['MAX_CONTENT_LENGTH'] = 100 * 1024 * 1024
 app.config["SESSION_COOKIE_SECURE"] = True
@@ -87,7 +88,7 @@ def before_request():
 with open('/site_settings.json', 'r', encoding='utf_8') as f:
 app.config['SETTINGS'] = json.load(f)
- if request.host != SITE:
+ if request.host not in SITE_HOSTS:
 return {"error": "Unauthorized host provided"}, 403
 if request.headers.get("CF-Worker"):
 return {"error": "Cloudflare workers are not allowed to access this website."}, 403
@@ -98,11 +99,6 @@ def before_request():
 g.webview = '; wv) ' in ua
 g.inferior_browser = 'iphone' in ua or 'ipad' in ua or 'ipod' in ua or 'mac os' in ua or ' firefox/' in ua
- #### WPD TEMP #### temporary WPD migration logic: redirect to /
- if SITE == "watchpeopledie.co" and request.path != '/':
- return redirect('/')
- #### END WPD TEMP ####
-
 request.path = request.path.rstrip('/')
 if not request.path: request.path = '/'
 request.full_path = request.full_path.rstrip('?').rstrip('/')
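Review bot: In the `@@ -24,10 +24,11 @@` hunk of files/__main__.py, the new `SITE_HOSTS = environ.get("SITE_HOSTS").split(',')` neither supplies a default nor trims its entries, unlike the `.strip()` calls on the neighbouring settings. A deployment that has not yet set SITE_HOSTS fails at import with an AttributeError on None, and a value written as `a.example, b.example` or ending in a newline yields entries that can never equal `request.host`, so the host check in before_request answers 403 for those hosts. Something like `SITE_HOSTS = [h.strip() for h in environ.get("SITE_HOSTS", SITE).split(',') if h.strip()]` keeps existing single-host setups working. Separately, dropping `SESSION_COOKIE_DOMAIN` makes the session cookie host-only, so a login on one listed host is not carried to another; a short comment saying that this is intended would help the next reader.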
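Review bot: In the `@@ -87,7 +88,7 @@` hunk, `request.host not in SITE_HOSTS` is an exact string match, and Werkzeug's `request.host` carries the port when it is non-standard, so a request to `localhost:5000` does not match a `localhost` entry. Because this check is what rejects unexpected Host headers, the accepted format deserves a comment above it, for example `# SITE_HOSTS entries must equal the Host header exactly (include the port when non-default)`. The production list should hold only the public hostnames the site serves; loopback entries such as the `127.0.0.1` added to the sample env are for local development. before_request starts before this hunk and continues after it.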