Domain Restriction Test

Expected: Should work ✅
Reason: localhost is in the allowed domains list

Instructions:
1. Open browser DevTools (F12)
2. Go to Network tab
3. Send a message in the chat above
4. Look at the request headers - you should see "Referer" or "Origin" headers
5. The app will check these headers and allow/block accordingly

✅ Allowed: Requests from toonvangelderen.com or www.toonvangelderen.com
⛔ Blocked: Requests from any other domain

When someone embeds your Gradio Space iframe on another website, the browser will send that website's domain in the headers, and your app will block it.