diff --git a/docker/images/config.env b/docker/images/config.env index ad1ee70ad..eccfbe0bf 100644 --- a/docker/images/config.env +++ b/docker/images/config.env 
@@ -1,34 +1,48 @@ -# Should be set to the public domain where penpot is going to be served. +## Should be set to the public domain where penpot is going to be served. +## +## NOTE: If you are going to serve it under different domain than +## 'localhost' without HTTPS, consider setting the +## `disable-secure-session-cookies' flag on the 'PENPOT_FLAGS' +## setting. + PENPOT_PUBLIC_URI=http://localhost:9001 PENPOT_TENANT=pro -# Temporal workaround because of bad builtin default +## Feature flags. + +PENPOT_FLAGS="enable-registration enable-login" + +## Temporal workaround because of bad builtin default + PENPOT_HTTP_SERVER_HOST=0.0.0.0 -# Standard database connection parameters (only postgresql is supported): +## Standard database connection parameters (only postgresql is supported): + PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot PENPOT_DATABASE_USERNAME=penpot PENPOT_DATABASE_PASSWORD=penpot -# Redis is used for the websockets notifications. +## Redis is used for the websockets notifications. + PENPOT_REDIS_URI=redis://penpot-redis/0 -# By default, files uploaded by users are stored in local filesystem. But it -# can be configured to store in AWS S3 or completely in de the database. -# Storing in the database makes the backups more easy but will make access to -# media less performant. +## By default, files uploaded by users are stored in local +## filesystem. But it can be configured to store in AWS S3. + PENPOT_ASSETS_STORAGE_BACKEND=assets-fs PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets -# Telemetry. When enabled, a periodical process will send anonymous data about -# this instance. Telemetry data will enable us to learn on how the application -# is used, based on real scenarios. If you want to help us, please leave it -# enabled. +## Telemetry. When enabled, a periodical process will send anonymous +## data about this instance. Telemetry data will enable us to learn on +## how the application is used, based on real scenarios. 
If you want +## to help us, please leave it enabled. + PENPOT_TELEMETRY_ENABLED=true -# Email sending configuration. By default, emails are printed in the console, -# but for production usage is recommended to setup a real SMTP provider. Emails -# are used to confirm user registrations. +## Email sending configuration. By default, emails are printed in the +## console, but for production usage is recommended to setup a real +## SMTP provider. Emails are used to confirm user registrations. + PENPOT_SMTP_ENABLED=false PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com @@ -39,34 +53,40 @@ PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com # PENPOT_SMTP_TLS=true # PENPOT_SMTP_SSL=false -# Feature flags. Right now they are only affect frontend, but in -# future release they will affect to both backend and frontend. -PENPOT_FLAGS="enable-registration" +## Comma separated list of allowed domains to register. Empty to allow +## all. -# Comma separated list of allowed domains to register. Empty to allow all. # PENPOT_REGISTRATION_DOMAIN_WHITELIST="" ## Authentication providers -# Google +## Google + # PENPOT_GOOGLE_CLIENT_ID= # PENPOT_GOOGLE_CLIENT_SECRET= -# GitHub +## GitHub + # PENPOT_GITHUB_CLIENT_ID= # PENPOT_GITHUB_CLIENT_SECRET= -# GitLab +## GitLab + # PENPOT_GITLAB_BASE_URI=https://gitlab.com # PENPOT_GITLAB_CLIENT_ID= # PENPOT_GITLAB_CLIENT_SECRET= -# OpenID Connect (since 1.5.0) +## OpenID Connect (since 1.5.0) + # PENPOT_OIDC_BASE_URI= # PENPOT_OIDC_CLIENT_ID= # PENPOT_OIDC_CLIENT_SECRET= -# LDAP +## LDAP +## +## NOTE: to enable ldap, you will need to put 'enable-login-with-ldap' +## on the 'PENPOT_FLAGS' environment variable. + # PENPOT_LDAP_HOST=ldap # PENPOT_LDAP_PORT=10389 # PENPOT_LDAP_SSL=false 
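Review bot: The new NOTE under PENPOT_PUBLIC_URI names the `disable-secure-session-cookies` flag without stating what it costs, and its quoting is mismatched (opening backtick, closing apostrophe). Judging by the flag name, it presumably removes the Secure attribute from the session cookie, so the cookie would be sent over plain HTTP on whatever network carries the traffic. The comment should say so and name HTTPS as the preferred setup for any non-localhost domain, for example `## NOTE: serving a non-localhost domain over plain HTTP needs 'disable-secure-session-cookies' in PENPOT_FLAGS;` followed by `## session cookies are then sent unencrypted, so prefer HTTPS outside local testing.`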
@@ -78,7 +98,3 @@ PENPOT_FLAGS="enable-registration" # PENPOT_LDAP_ATTRS_EMAIL=mail # PENPOT_LDAP_ATTRS_FULLNAME=cn # PENPOT_LDAP_ATTRS_PHOTO=jpegPhoto -# PENPOT_LOGIN_WITH_LDAP=true - -# Exporter -PENPOT_DOMAIN_WHITE_LIST=localhost:9001 diff --git a/exporter/src/app/config.cljs b/exporter/src/app/config.cljs index 47b835c60..6a312ab68 100644 --- a/exporter/src/app/config.cljs +++ b/exporter/src/app/config.cljs @@ -25,15 +25,13 @@ :host "devenv" :http-server-port 6061 :http-server-host "localhost" - :redis-uri "redis://redis/0" - :domain-white-list #{"localhost:3449"}}) + :redis-uri "redis://redis/0"}) (s/def ::http-server-port ::us/integer) (s/def ::http-server-host ::us/string) (s/def ::public-uri ::us/uri) (s/def ::tenant ::us/string) (s/def ::host ::us/string) -(s/def ::domain-white-list ::us/set-of-str) (s/def ::browser-pool-max ::us/integer) (s/def ::browser-pool-min ::us/integer) @@ -44,8 +42,7 @@ ::http-server-port ::http-server-host ::browser-pool-max - ::browser-pool-min - ::domain-white-list])) + ::browser-pool-min])) (defn- read-env [prefix] diff --git a/exporter/src/app/handlers.cljs b/exporter/src/app/handlers.cljs index 0d0cab3a3..a1a849699 100644 --- a/exporter/src/app/handlers.cljs +++ b/exporter/src/app/handlers.cljs @@ -70,7 +70,6 @@ (defmulti command-spec :cmd) (s/def ::id ::us/string) -(s/def ::uri ::us/uri) (s/def ::wait ::us/boolean) (s/def ::cmd ::us/keyword) 
@@ -80,24 +79,13 @@ (s/def ::params (s/and (s/keys :req-un [::cmd] - :opt-un [::wait ::uri]) + :opt-un [::wait]) (s/multi-spec command-spec :cmd))) -(defn validate-uri! - [uri] - (let [white-list (cf/get :domain-white-list #{}) - default (cf/get :public-uri)] - (when-not (or (contains? white-list (u/get-domain uri)) - (= (u/get-domain default) (u/get-domain uri))) - (ex/raise :type :validation - :code :domain-not-allowed - :hint "looks like the uri provided is not part of the white list")))) - (defn handler [{:keys [:request/params] :as exchange}] - (let [{:keys [cmd uri] :as params} (us/conform ::params params)] + (let [{:keys [cmd] :as params} (us/conform ::params params)] (l/debug :hint "process-request" :cmd cmd) - (some-> uri validate-uri!) (case cmd :get-resource (resources/handler exchange) :export-shapes (export-shapes/handler exchange params) diff --git a/exporter/src/app/handlers/export_frames.cljs b/exporter/src/app/handlers/export_frames.cljs index 74ac5ab83..a8a4a0c85 100644 --- a/exporter/src/app/handlers/export_frames.cljs +++ b/exporter/src/app/handlers/export_frames.cljs @@ -29,7 +29,6 @@ (s/def ::file-id ::us/uuid) (s/def ::page-id ::us/uuid) (s/def ::object-id ::us/uuid) -(s/def ::uri ::us/uri) (s/def ::export (s/keys :req-un [::file-id ::page-id ::object-id ::name])) 
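Review bot: Dropping `::uri` from `:opt-un` in `::params` does not make the exporter reject a client-supplied `:uri`, because `s/keys` specs are open and `us/conform` will presumably let unknown keys through. `handler` still forwards the whole `params` map to `export-shapes/handler` and the other commands, and the `validate-uri!` check that used to guard that value is gone. The visible handlers no longer destructure `uri`, so this looks safe as written, but stripping the key at the entry point would keep it safe if later code reads it again, e.g. `(let [{:keys [cmd] :as params} (dissoc (us/conform ::params params) :uri)]`. The same applies to the `::params` specs in export_frames.cljs and export_shapes.cljs and to `::render-params` in renderer.cljs. The `case` form in `handler` continues outside the hunk.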
@@ -39,18 +38,18 @@ (s/def ::params (s/keys :req-un [::exports] - :opt-un [::uri ::name])) + :opt-un [::name])) (defn handler - [{:keys [:request/auth-token] :as exchange} {:keys [exports uri profile-id] :as params}] + [{:keys [:request/auth-token] :as exchange} {:keys [exports profile-id] :as params}] ;; NOTE: we need to have the `:type` prop because the exports ;; datastructure preparation uses it for creating the groups. (let [exports (-> (map #(assoc % :type :pdf :scale 1 :suffix "") exports) - (prepare-exports auth-token uri))] + (prepare-exports auth-token))] (handle-export exchange (assoc params :exports exports)))) (defn handle-export - [exchange {:keys [exports wait uri name profile-id] :as params}] + [exchange {:keys [exports wait name profile-id] :as params}] (let [total (count exports) topic (str profile-id) resource (rsc/create :pdf (or name (-> exports first :name))) diff --git a/exporter/src/app/handlers/export_shapes.cljs b/exporter/src/app/handlers/export_shapes.cljs index b70e63cf2..c6ac2f05d 100644 --- a/exporter/src/app/handlers/export_shapes.cljs +++ b/exporter/src/app/handlers/export_shapes.cljs @@ -34,7 +34,6 @@ (s/def ::scale ::us/number) (s/def ::suffix ::us/string) (s/def ::type ::us/keyword) -(s/def ::uri ::us/uri) (s/def ::wait ::us/boolean) (s/def ::export @@ -45,11 +44,11 @@ (s/def ::params (s/keys :req-un [::exports ::profile-id] - :opt-un [::uri ::wait ::name])) + :opt-un [::wait ::name])) (defn handler - [{:keys [:request/auth-token] :as exchange} {:keys [exports uri] :as params}] - (let [exports (prepare-exports exports auth-token uri)] + [{:keys [:request/auth-token] :as exchange} {:keys [exports] :as params}] + (let [exports (prepare-exports exports auth-token)] (if (and (= 1 (count exports)) (= 1 (count (-> exports first :objects)))) (handle-single-export exchange (-> params 
@@ -58,7 +57,7 @@ (handle-multiple-export exchange (assoc params :exports exports))))) (defn- handle-single-export - [exchange {:keys [export wait uri profile-id name] :as params}] + [exchange {:keys [export wait profile-id name] :as params}] (let [topic (str profile-id) resource (rsc/create (:type export) (or name (:name export))) @@ -98,7 +97,7 @@ (assoc exchange :response/body (dissoc resource :path))))) (defn- handle-multiple-export - [exchange {:keys [exports wait uri profile-id name] :as params}] + [exchange {:keys [exports wait profile-id name] :as params}] (let [resource (rsc/create :zip (or name (-> exports first :name))) total (count exports) topic (str profile-id) @@ -185,7 +184,7 @@ default-partition-size 50) (defn prepare-exports - [exports token uri] + [exports token] (letfn [(process-group [group] (sequence (comp (partition-all default-partition-size) (map process-partition)) @@ -196,7 +195,6 @@ :page-id (:page-id part1) :name (:name part1) :token token - :uri uri :type (:type part1) :scale (:scale part1) :objects (mapv part-entry->object part)}) diff --git a/exporter/src/app/renderer.cljs b/exporter/src/app/renderer.cljs index 90e03ec68..42ab6c6ad 100644 --- a/exporter/src/app/renderer.cljs +++ b/exporter/src/app/renderer.cljs @@ -20,7 +20,6 @@ (s/def ::file-id ::us/uuid) (s/def ::scale ::us/number) (s/def ::token ::us/string) -(s/def ::uri ::us/uri) (s/def ::filename ::us/string) (s/def ::object @@ -30,8 +29,7 @@ (s/coll-of ::object :min-count 1)) (s/def ::render-params - (s/keys :req-un [::file-id ::page-id ::scale ::token ::type ::objects] - :opt-un [::uri])) + (s/keys :req-un [::file-id ::page-id ::scale ::token ::type ::objects])) (defn- render [{:keys [type] :as params} on-object] diff --git a/frontend/src/app/main/repo.cljs b/frontend/src/app/main/repo.cljs index cc2c8828f..ee068f205 100644 --- a/frontend/src/app/main/repo.cljs +++ b/frontend/src/app/main/repo.cljs 
@@ -130,9 +130,7 @@ (defmethod query :exporter [_ params] - (let [default {:wait false - :blob? false - :uri (str base-uri)}] + (let [default {:wait false :blob? false}] (send-export (merge default params)))) (derive :upload-file-media-object ::multipart-upload)