I am new to pi-hole and just wanted to check that it is safe for me to select 'permit all origins' in my pi-hole settings. Basically, I am running pi-hole with Docker using the official image and docker-compose file on a machine within my local network (a standard local home network set-up). My router uses default settings, I haven't added any port forwarding myself. I am pretty sure it is safe in this case but didn't know if I need to do anything to check there is no port forwarding on my router or anything like that?
Since you run a dockered Pi-hole, depending on your chosen Docker network mode, it may be necessary that you switch away from Pi-hole's recommended default Allow only local requests to one of its ...only on interface xxx modes or to Permit all origins.
The warning shown on Pi-hole's UI fully applies to devices directly connected to the Internet such as cloud instances.
It also explains:
In a typical at-home setup where your Pi-hole is located within your local network (and you have not forwarded port 53 in your router!) they are safe to use.
You're good once you've verified that inbound port 53 is not open on your router.