diff --git a/src/node/http.ts b/src/node/http.ts
index b7a06b4cf..1429b09a1 100644
--- a/src/node/http.ts
+++ b/src/node/http.ts
@@ -353,26 +353,18 @@ export function ensureOrigin(req: express.Request, _?: express.Response, next?:
 
 /**
  * Return true if the origin matches any trusted origin.  Entries are matched
- * as exact strings, the special wildcard `"*"`, or regex literals in the form
- * `/pattern/flags` (e.g. `/^.*\.example\.com$/i`).
+ * as exact strings, the special wildcard `"*"`, or `*.example.com`-style
+ * domain wildcards (same as --proxy-domain).
  */
 export function isTrustedOrigin(origin: string, trustedOrigins: string[]): boolean {
   return trustedOrigins.some((trusted) => {
     if (trusted === "*" || trusted === origin) {
       return true
     }
-    // Regex literal: /pattern/ or /pattern/flags
-    if (trusted.startsWith("/")) {
-      const closingSlash = trusted.lastIndexOf("/")
-      if (closingSlash > 0) {
-        const pattern = trusted.slice(1, closingSlash)
-        const flags = trusted.slice(closingSlash + 1)
-        try {
-          return new RegExp(pattern, flags).test(origin)
-        } catch {
-          return false
-        }
-      }
+    // *.example.com style: match origin if it is the domain or a subdomain
+    if (trusted.startsWith("*.")) {
+      const domain = trusted.slice(2).toLowerCase()
+      return origin === domain || origin.endsWith("." + domain)
     }
     return false
   })
diff --git a/test/unit/node/http.test.ts b/test/unit/node/http.test.ts
index 02ad6ecb7..26fe9be79 100644
--- a/test/unit/node/http.test.ts
+++ b/test/unit/node/http.test.ts
@@ -31,17 +31,11 @@ describe("http", () => {
       expect(http.isTrustedOrigin("localhost:8080", ["*"])).toBe(true)
     })
 
-    it("should match regex patterns", () => {
-      expect(http.isTrustedOrigin("sub.example.com", ["/\\.example\\.com$/"])).toBe(true)
-      expect(http.isTrustedOrigin("evil.com", ["/\\.example\\.com$/"])).toBe(false)
-    })
-
-    it("should support regex flags", () => {
-      expect(http.isTrustedOrigin("SUB.EXAMPLE.COM", ["/\\.example\\.com$/i"])).toBe(true)
-    })
-
-    it("should return false for invalid regex patterns", () => {
-      expect(http.isTrustedOrigin("example.com", ["/[invalid/"])).toBe(false)
+    it("should match *.example.com wildcard (same style as --proxy-domain)", () => {
+      expect(http.isTrustedOrigin("sub.example.com", ["*.example.com"])).toBe(true)
+      expect(http.isTrustedOrigin("example.com", ["*.example.com"])).toBe(true)
+      expect(http.isTrustedOrigin("evil.com", ["*.example.com"])).toBe(false)
+      expect(http.isTrustedOrigin("example.com.evil.com", ["*.example.com"])).toBe(false)
     })
 
     it("should return false for an empty trusted origins list", () => {
@@ -87,12 +81,12 @@ describe("http", () => {
       {
         origin: "http://sub.example.com",
         host: "other.com",
-        trustedOrigins: ["/\\.example\\.com$/"],
+        trustedOrigins: ["*.example.com"],
       },
       {
         origin: "http://evil.com",
         host: "other.com",
-        trustedOrigins: ["/\\.example\\.com$/"],
+        trustedOrigins: ["*.example.com"],
         expected: "does not match",
       },
       {