Revert "feat(ui): add stdlib cross-origin protection middleware"

This reverts commit deef74e75b2a985ea9aef6c4076e7e367340196d.

internal/ui/ui.go

@@ -180,6 +180,6 @@ func Serve(store *storage.Storage, pool *worker.Pool) http.Handler {
 		w.Write([]byte("User-agent: *\nDisallow: /"))
 	})
 
-	// Apply middleware chain: cross-origin protection -> web session -> CSRF validation -> handlers.
-	return http.NewCrossOriginProtection().Handler(webSessionMiddleware.handle(csrfMiddleware.handle(mux)))
+	// Apply middleware chain: web session -> CSRF validation -> handlers.
+	return webSessionMiddleware.handle(csrfMiddleware.handle(mux))
 }